[squid-users] Re: squid_ldap_group against nested groups/Ous

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Sun, 7 Dec 2008 13:09:18 -0000

I did implement recursive group search in squid_kerb_ldap at
http://sourceforge.net/project/showfiles.php?group_id=196348.

Markus

"Henrik Nordstrom" <henrik_at_henriknordstrom.net> wrote in message
news:1228648685.18527.57.camel_at_localhost.localdomain...
> mån 2008-11-24 klockan 13:04 -0800 skrev Mike Ely:
>
>> directly a member of the acl group. What I need to do is be able to use
>> nested groups. (Sorry, it looks like I've stated this two different
>> ways)
>
> nested groups unfortunately does not map very well to LDAP, and is not
> supported by squid_ldap_group.
>
> A nested group lookup via LDAP involves retreiving the whole group
> membership, looking for groups and then retreiging those groups,
> recursively until no further subgroups is found.
>
> In MS AD it may work doing the lookup the opposite way, querying if the
> user has the group listed in his user object. At least worth a try. The
> easiest way to see if this is the case is to use ldapserach to inspect
> the user object, or any other LDAP browser capable of querying you AD
> tree.
>
> Regards
> Henrik
>
>
>
>
Received on Sun Dec 07 2008 - 13:09:37 MST

This archive was generated by hypermail 2.2.0 : Sun Dec 07 2008 - 12:00:02 MST