Re: [squid-users] squid_ldap_auth from shell [SOLVED]

From: John Halfpenny <jhalfpenny@dont-contact.us>
Date: Mon, 24 Oct 2005 04:33:05 -0400 (EDT)

Brilliant, works like a charm.

Thanks Henrik!

John

--- On Sat 10/22, Henrik Nordstrom < hno@squid-cache.org > wrote:
From: Henrik Nordstrom [mailto: hno@squid-cache.org]
To: jhalfpenny@excite.com
Cc: squid-users@squid-cache.org
Date: Sat, 22 Oct 2005 10:15:53 +0200 (CEST)
Subject: Re: [squid-users] squid_ldap_auth from shell

On Fri, 21 Oct 2005, John Halfpenny wrote:

> My basic authenticator works fine, in the form
>
> /usr/lib/squid/squid_ldap_auth -b "ou=Users,dc=my,dc=domain"
> myname mypassword
> OK

Ok.

> I have noticed that my LDAP group doesn't have a 'member' attribute, but it does have 'memberUid'. On my LDAPBrowser I can query like this with the desired group as the result:
>
> (&(objectclass=posixGroup)(cn=mygroup)(memberUid=myname))

Ok.

> If I put someone else's name in who isn't a member of mygroup then nothing is returned. However, creating the following command string gives me errors!
>
> /usr/lib/squid/squid_ldap_group -b "ou=Groups,dc=my,dc=domain" -f "(&(objectclass=posixGroup)(cn=%a)(memberUid=%v))" -B "ou=Users,dc=my,dc=domain" -F "uid=%s"
> myname mygroup
> ERR

You should not specify -B or -F as your membership is not based on the
LDAP DN of the user like it is done in most LDAP trees, only the login.

And I'd recommend using the much clearer %g/%u codes rather than the
now obsolete %a/%v ones...

Try the following:

/usr/lib/squid/squid_ldap_group -b "ou=Groups,dc=my,dc=domain" -f "(&(objectclass=posixGroup)(cn=%g)(memberUid=%u))"

Regards
Henrik

Received on Mon Oct 24 2005 - 02:33:07 MDT
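
Added example, not part of the original thread and not Squid's own code: a Python sketch of why the memberUid filter matches when %u carries the login but not when it carries a user DN, which is what Henrik's advice about -B/-F implies. The function names, the sample group entry, the simplified exact-match evaluator and the RFC 4515 escaping step are all assumptions made for this illustration.

```python
import re

# RFC 4515 escapes for characters that are special inside a search filter.
_ESC = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
TEMPLATE = "(&(objectclass=posixGroup)(cn=%g)(memberUid=%u))"  # from the thread

# Constructed sample entry shaped like the poster's posixGroup.
GROUPS = [{"objectclass": ["posixGroup"], "cn": ["mygroup"],
           "memberuid": ["myname", "othername"]}]

def escape_value(value):
    return "".join(_ESC.get(ch, ch) for ch in value)

def expand_filter(template, user, group):
    """Fill %u/%g (and the obsolete %v/%a) with escaped values."""
    values = {"u": user, "v": user, "g": group, "a": group}
    return re.sub(r"%([uvga])", lambda m: escape_value(values[m.group(1)]), template)

def _unescape(value):
    return re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches(entry, ldap_filter):
    """Evaluate an AND-of-equalities filter; exact match only (simplified)."""
    clauses = re.findall(r"\((\w+)=((?:[^()\\]|\\[0-9a-f]{2})*)\)", ldap_filter)
    return bool(clauses) and all(
        _unescape(val) in entry.get(attr.lower(), []) for attr, val in clauses)

def in_group(user_value, group):
    """user_value is what ends up in %u: the login, or a DN after a -F lookup."""
    ldap_filter = expand_filter(TEMPLATE, user_value, group)
    return any(matches(entry, ldap_filter) for entry in GROUPS)

if __name__ == "__main__":
    print(in_group("myname", "mygroup"))  # login in %u
    print(in_group("uid=myname,ou=Users,dc=my,dc=domain", "mygroup"))  # DN in %u
    print(in_group("*", "mygroup"))  # wildcard is escaped, matched literally
```
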

This archive was generated by hypermail pre-2.1.9 : Tue Nov 01 2005 - 12:00:05 MST