On Mon, 18 Apr 2005, D & E Radel wrote:
> Do you know anything about the squid_ldap_group program? I have tried so many
> things but cannot get an "OK" from it. Do you have any samples that work?
It shares a lot of the configuration syntax with squid_ldap_auth. The
pieces needed is
a) User search filter (same as squid_ldap_auth, but other option)
b) A Bind-DN if the directory does not allow anonymous searches
c) A group search filter to lookup if the user is member of the requested
group. The user login or DN and the group name can be substituted into the
filter string by % codes.
A normal group search filter looks like
-f "(&(objectClass=groupOfNames)(cn=%g)(member=%u))"
looking for a groupOfNames object with the group name as name and the user
as member.
> Or any idea on how to run from the commandline?
Mostly the same as squid_ldap_auth, except that it expects a list of group
names instead of password.
> We are trying to allow block access to certain sites to a certain group,
> but not another group. Am I too ambitious? ;-)
Pretty standard thing for using squid_ldap_group.
Regards
Henrik
Received on Mon Apr 18 2005 - 14:52:14 MDT
This archive was generated by hypermail pre-2.1.9 : Sun May 01 2005 - 12:00:04 MDT