Re: [squid-users] ldap auth question

From: Henrik Nordström <henrik_at_henriknordstrom.net>
Date: Thu, 03 Jun 2010 21:15:59 +0200

ons 2010-06-02 klockan 19:20 -0300 skrev Gerardo Herzig:

> ProxyUsers entry for the user foo is:
> UniqueMember: uid=foo,ou=Managers,o=Company
> UniqueMember: uid=anotherfoo,ou=Sales,o=Company
>

> 1) Is there a way to test if the user foo is part of the ProxyUsers group?

Yes. But you must also tell squid_ldap_group how to find the user object
based on the login "foo". See the -F argument. If you are using
squid_ldap_auth then -F should be set to the same as you use for -f in
squid_ldap_auth.

squid_ldap_group -b o=company -F "(&(uid=%s)(objectClass=person))" -f "(&(cn=%g)(uniqueMember=%u))" ...

> 2) It is possible to tell squid_ldap_group to look for uid=foo in
> Manager AND Sales, and if there is one try to use it?
> Like if the filter could be "(uid=foo) _AND_ (ou=Managers _OR_ ou=Sales)"?

Yes, but why?

Regards
Henrik
Received on Thu Jun 03 2010 - 19:15:41 MDT

This archive was generated by hypermail 2.2.0 : Fri Jun 04 2010 - 12:00:04 MDT