Hi Henrik, Thank you very much or your time. I worked! :) Cheers *cipher* > On Fri, 4 Feb 2005, cipher wrote: > > > external_acl_type ldap_group ttl=120 > negative_ttl=120 > > %LOGIN > /usr/local/squid/libexec/squid_ldap_group -b > > ou=squid > > ,o=domain.int -f "(&(uid=%v)(memberUid=%g))" > -B > > ou=People,o=domain.int -F "uid=%s" -S -R -D > uid=prox > > y,ou=squid,o=dmain.int -w proxy-binder -h > localhost > > [...] > > > dn: cn=proxy-allow,ou=squid, o=domain.int > > gidNumber: 600 > > memberUid: test-user > > objectClass: posixGroup > > objectClass: top > > cn: proxy-allow > > Ok, so your LDAP groups is defined with > > cn = group name > memberUid = login name (NOT DN) being member > of the group > > In squid_ldap_group terms this becomes > > -f "(&(cn=%g)(memberUid=%u))" > > and you should NOT use a -F flag to translate > the login names to DN.. > > > Normally in LDAP groups use the member > attribute, listing full DNs of the > users being members of the group, not just > login names (uid), but thanks > to it's flexible design squid_ldap_group > doesn't really care and handles > both nicely. at the cost of requiring careful > configuration to match your > directory design. > > Regards > Henrik > ------------------------------------------------- Email Enviado utilizando o serviço MegaMail
