CsY a écrit :
> where cn=doe in user in internet group?
> And what way could i use, when i have 200internet user in 500users
> network?
> i think, i put all needed user in internet group, and this will work.
> any idea?
>
> thanks
>
The helper uses the base DN ( -b option ) as a root to create the query
( -f option ). In your config :
>>>>> auth_param basic program /usr/lib/squid/ldap_auth -ZZ -b
>>>>> "ou=peoples,dc=mydomain,dc=com" ldap
>>>>>
>>>>> external_acl_type ldap_group %LOGIN
>>>>> /usr/lib/squid/squid_ldap_group -ZZ
>>>>> -b "cn=netgroup,ou=groups,dc=mydomain,dc=com" -f
>>>>> "(&(objectclass=posixGroup)(cn=%a)(member=%v))" -B
>>>>> "ou=peoples,dc=mydomain,dc=com" -F uid="%s" -w pass
>>>>> serveraddress:serverport
>>>>>
>>>>> acl password proxy_auth REQUIRED
>>>>> acl password_group external ldap_group internet
>>>>>
>>>>>
>>>>>
>>>>
the helper will search something like
"cn=doe,cn=netgroup,ou=groups,dc=mydomain,dc=com". But if I remember, it
is impossible to have more than one cn in a DN.
Something like
-b "ou=groups,dc=mydomain,dc=com" -f
"(&(objectclass=posixGroup)(cn=%g)(member=%u))"
and the declaration would be :
acl password_group external ldap_group netgroup
Then LDAP will search an object named :
"cn=netgroup,ou=groups,dc=mydomain,dc=com" with an attribute
"member=%LOGIN" of type "posixGroup".
Look at the thread :
http://www.mail-archive.com/squid-users@squid-cache.org/msg33711.html
Regards.
Ghislain Garçon.
Received on Tue Dec 06 2005 - 01:34:40 MST
This archive was generated by hypermail pre-2.1.9 : Sat Dec 31 2005 - 12:00:02 MST