Re: [squid-users] squid_ldap_group against nested groups/Ous

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Sun, 07 Dec 2008 12:18:05 +0100

Mon 2008-11-24 at 13:04 -0800, Mike Ely wrote:

> directly a member of the acl group. What I need to do is be able to use
> nested groups. (Sorry, it looks like I've stated this two different ways)

Nested groups unfortunately do not map very well to LDAP, and are not
supported by squid_ldap_group.

A nested group lookup via LDAP involves retrieving the whole group
membership, looking for groups and then retrieving those groups,
recursively until no further subgroups are found.

In MS AD it may work doing the lookup the opposite way, querying if the
user has the group listed in his user object. At least worth a try. The
easiest way to see if this is the case is to use ldapsearch to inspect
the user object, or any other LDAP browser capable of querying your AD
tree.

Regards
Henrik
Received on Sun Dec 07 2008 - 11:18:15 MST
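
Added example, not part of the original message and not squid_ldap_group code: a sketch of the recursive nested-group walk described above, next to the reverse lookup on the user object. The directory is a constructed in-memory stand-in for LDAP reads; the DNs, the helper names and the assumption that memberOf holds only direct groups are all illustrative.

```python
from collections import deque

BASE = "dc=example,dc=com"  # constructed sample tree

def g(name):
    return f"cn={name},ou=groups,{BASE}"

def u(name):
    return f"cn={name},ou=people,{BASE}"

# Constructed directory standing in for LDAP entries (DN -> attributes).
DIRECTORY = {
    g("internet"):    {"member": [g("staff"), u("alice")]},
    g("staff"):       {"member": [g("engineering")]},
    # engineering lists staff again: a membership cycle the walk must survive
    g("engineering"): {"member": [u("bob"), g("staff")]},
    u("alice"): {"memberOf": [g("internet")]},
    u("bob"):   {"memberOf": [g("engineering")]},
    u("carol"): {"memberOf": []},
}

def fetch(dn):
    """Stand-in for one LDAP read of an entry; None if it does not exist."""
    return DIRECTORY.get(dn.lower())

def nested_member(user_dn, group_dn, max_reads=50):
    """Walk the group downwards. Returns (is_member, directory_reads)."""
    user_dn = user_dn.lower()
    seen, queue, reads = set(), deque([group_dn.lower()]), 0
    while queue:
        dn = queue.popleft()
        if dn in seen:
            continue                 # already expanded: breaks cycles
        seen.add(dn)
        if reads >= max_reads:
            return False, reads      # fail closed: deny on runaway expansion
        entry = fetch(dn)
        reads += 1
        members = [m.lower() for m in (entry or {}).get("member", [])]
        if user_dn in members:
            return True, reads
        queue.extend(members)        # user entries have no "member": walk ends there
    return False, reads

def direct_member(user_dn, group_dn):
    """The reverse lookup: one read of the user object, direct groups only."""
    entry = fetch(user_dn) or {}
    return group_dn.lower() in (m.lower() for m in entry.get("memberOf", []))
```

The read count returned by nested_member shows the cost of the recursive approach per authorization check, while direct_member is a single read but misses memberships inherited through subgroups.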
