Henrik Nordström wrote:
> ons 2010-06-02 klockan 19:20 -0300 skrev Gerardo Herzig:
>
>> ProxyUsers entry for the user foo is:
>> UniqueMember: uid=foo,ou=Managers,o=Company
>> UniqueMember: uid=anotherfoo,ou=Sales,o=Company
>>
>
>> 1) Is there a way to test if the user foo is part of the ProxyUsers group?
>
> Yes. But you must also tell squid_ldap_group how to find the user object
> based on the login "foo". See the -F argument. If you are using
> squid_ldap_auth then -F should be set to the same as you use for -f in
> squid_ldap_auth.
>
> squid_ldap_group -b o=company -F "(&(uid=%s)(objectClass=person))" -f "(&(cn=%g)(uniqueMember=%u))" ...
>
>> 2) It is possible to tell squid_ldap_group to look for uid=foo in
>> Manager AND Sales, and if there is one try to use it?
>> Like if the filter could be "(uid=foo) _AND_ (ou=Managers _OR_ ou=Sales)"?
>
> Yes, but why?
>
Hi Henrik. Thanks for the answer. Well, question 2) is not well writed
(sory english is not my native language)
Here is the pseucode for the kind of filter i ment to write:
(cn=%g _AND_ ou _IN_ (Manager, Sales) _AND_ (uniqueMember=%u))
That is: It does not matter if the uniqueMember of ProxyUsers group is
uid=foo,ou=Managers,o=Company
or
uid=foo,ou=Salues,o=Company
Im sory if im not being clear, but i hope you get the idea.
Thanks Henrik for your time!
Gerardo
Received on Thu Jun 03 2010 - 21:47:01 MDT
This archive was generated by hypermail 2.2.0 : Fri Jun 04 2010 - 12:00:04 MDT