
Re: [squid-users] web access based on ldap groups


Hi Henrik,

It worked!
Thank you very much for your time!

Cheers,

*cipher*


> On Fri, 4 Feb 2005, cipher wrote:
> 
> > external_acl_type ldap_group ttl=120 negative_ttl=120 %LOGIN /usr/local/squid/libexec/squid_ldap_group -b ou=squid,o=domain.int -f "(&(uid=%v)(memberUid=%g))" -B ou=People,o=domain.int -F "uid=%s" -S -R -D uid=proxy,ou=squid,o=dmain.int -w proxy-binder -h localhost
> > [...]
> 
> > dn: cn=proxy-allow,ou=squid, o=domain.int
> > gidNumber: 600
> > memberUid: test-user
> > objectClass: posixGroup
> > objectClass: top
> > cn: proxy-allow
> 
> Ok, so your LDAP groups are defined with
> 
>    cn = group name
>    memberUid = login name (NOT DN) being member of the group
> 
> In squid_ldap_group terms this becomes
> 
>    -f "(&(cn=%g)(memberUid=%u))"
> 
> and you should NOT use a -F flag to translate the login names to DN.
> 
> 
> Normally in LDAP, groups use the member attribute, listing full DNs of the
> users being members of the group, not just login names (uid), but thanks
> to its flexible design squid_ldap_group doesn't really care and handles
> both nicely, at the cost of requiring careful configuration to match your
> directory design.
> 
> Regards
> Henrik
> 
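Added example (not part of the original messages and not squid_ldap_group code): a small Python model of the -f filter expansion, evaluated against the group entry quoted in the thread. It shows why the original filter never matches the group, why the corrected one does, and why keeping -F breaks it. The user DN, the RFC 4515 escaping step and all function names are assumptions made for illustration.

```python
import re

# Group entry quoted in the thread; attribute names lower-cased for lookup.
GROUP_ENTRY = {
    "cn": ["proxy-allow"],
    "gidnumber": ["600"],
    "memberuid": ["test-user"],
    "objectclass": ["posixGroup", "top"],
}
ORIGINAL_FILTER = "(&(uid=%v)(memberUid=%g))"  # filter from the first post
FIXED_FILTER = "(&(cn=%g)(memberUid=%u))"      # filter suggested in the reply
# Assumed DN that -F "uid=%s" under -B ou=People,o=domain.int would resolve to.
USER_DN = "uid=test-user,ou=People,o=domain.int"

def escape(value):
    """RFC 4515 escaping, so a substituted name stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def expand(template, user, group):
    """Fill in %u / %v (user) and %g (group), as the thread's filters use them."""
    subs = {"u": user, "v": user, "g": group}
    return re.sub(r"%([uvg])", lambda m: escape(subs[m.group(1)]), template)

def matches(ldap_filter, entry):
    """Evaluate a flat (&(attr=value)...) filter: equality terms, exact values."""
    m = re.fullmatch(r"\(&((?:\([^()]*\))+)\)", ldap_filter)
    if not m:
        raise ValueError("unsupported filter: " + ldap_filter)
    terms = re.findall(r"\(([^=()]+)=([^()]*)\)", m.group(1))
    return all(unescape(v) in entry.get(a.lower(), []) for a, v in terms)

def is_member(template, user, group, entry=GROUP_ENTRY):
    return matches(expand(template, user, group), entry)

if __name__ == "__main__":
    for label, tmpl, user in [
        ("original filter, login name", ORIGINAL_FILTER, "test-user"),
        ("fixed filter, login name", FIXED_FILTER, "test-user"),
        ("fixed filter, DN from -F", FIXED_FILTER, USER_DN),
    ]:
        print(label, "->", expand(tmpl, user, "proxy-allow"),
              "->", is_member(tmpl, user, "proxy-allow"))
```

Only the second case returns True: the original filter tests a uid attribute the group entry does not have, and a DN substituted for the user never equals the plain login name stored in memberUid.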

