Re: [squid-users] squid_ldap_auth from shell

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 22 Oct 2005 10:15:53 +0200 (CEST)

On Fri, 21 Oct 2005, John Halfpenny wrote:

> My basic authenticator works fine, in the form
>
> /usr/lib/squid/squid_ldap_auth -b "ou=Users,dc=my,dc=domain"
> myname mypassword
> OK

Ok.

> I have noticed that my LDAP group doesn't have a 'member' attribute, but it does have 'memberUid'. On my LDAPBrowser I can query like this with the desired group as the result:
>
> (&(objectclass=posixGroup)(cn=mygroup)(memberUid=myname))

Ok.

> If I put someone else's name in who isn't a member of mygroup then nothing is returned. However, creating the following command string gives me errors!
>
> /usr/lib/squid/squid_ldap_group -b "ou=Groups,dc=my,dc=domain" -f "(&(objectclass=posixGroup)(cn=%a)(memberUid=%v))" -B "ou=Users,dc=my,dc=domain" -F "uid=%s"
> myname mygroup
> ERR

You should not specify -B or -F as your membership is not based on the
LDAP DN of the user like it is done in most LDAP trees, only the login.

And I'd recommend using the much clearer %g/%u codes rather than the
now obsolete %a/%v ones...

Try the following:

/usr/lib/squid/squid_ldap_group -b "ou=Groups,dc=my,dc=domain" -f "(&(objectclass=posixGroup)(cn=%g)(memberUid=%u))"

Regards
Henrik
Received on Sat Oct 22 2005 - 02:15:57 MDT
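
Why the first command returned ERR while the suggested one matches, as an added example (not part of the original message and not the helper's own code): a simplified Python model of the filter expansion. It assumes that with -B/-F the helper substitutes the user's DN for %u/%v, and that the DN has the form shown; the group entries and all function names are constructed for illustration.

```python
import re

# Constructed sample data: posixGroup entries as under ou=Groups,dc=my,dc=domain.
GROUPS = [
    {"objectclass": "posixGroup", "cn": "mygroup", "memberUid": ["myname", "alice"]},
    {"objectclass": "posixGroup", "cn": "othergroup", "memberUid": ["bob"]},
]
USER_BASE = "ou=Users,dc=my,dc=domain"
FILTER = "(&(objectclass=posixGroup)(cn=%g)(memberUid=%u))"


def escape_value(value):
    """RFC 4515 escaping, so a login or group name cannot change the filter."""
    return re.sub(r'[\\*()\x00]', lambda m: "\\%02x" % ord(m.group(0)), value)


def unescape_value(value):
    """Turn \\xx escapes back into the literal character for comparison."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def expand(template, user, group, resolve_dn=False):
    """Fill in %u/%g (and the obsolete %v/%a) in a single pass.
    resolve_dn=True models -B/-F "uid=%s": the user value becomes the
    user's DN (assumed form: uid=<login>,<user base>)."""
    who = f"uid={user},{USER_BASE}" if resolve_dn else user
    values = {"%u": who, "%v": who, "%g": group, "%a": group}
    return re.sub(r"%[uvga]", lambda m: escape_value(values[m.group(0)]), template)


def is_member(template, user, group, resolve_dn=False):
    """Evaluate an AND-of-equalities filter against GROUPS; True means OK."""
    expanded = expand(template, user, group, resolve_dn)
    terms = [(attr.lower(), unescape_value(val))
             for attr, val in re.findall(r"\(([A-Za-z]+)=([^()]*)\)", expanded)]
    for entry in GROUPS:
        attrs = {k.lower(): (v if isinstance(v, list) else [v]) for k, v in entry.items()}
        if all(val in attrs.get(attr, []) for attr, val in terms):
            return True
    return False


if __name__ == "__main__":
    print(expand(FILTER, "myname", "mygroup", resolve_dn=True))  # DN lands in memberUid
    print("with -B/-F:", is_member(FILTER, "myname", "mygroup", resolve_dn=True))
    print("login only:", is_member(FILTER, "myname", "mygroup"))
```

With the DN substituted, the memberUid term compares a full DN against bare login names and can never match, which is the ERR in the quoted session.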