ok guys, i found my error. forget this message. I had to add a '-u cn' and 'member=%v' on the group filter. cheers > > Hello again, > > im having a problem with squid_ldap_group. > > I created 3 groups to users that will be auhenticated by this helper: > > FULL > RESTRICT > NORMAL > > from my terminal: > > [FreeBSD]#/squid/libexec/squid_ldap_group -h 10.252.1.49 -b > "OU=Global,OU=Grupos,DC=mydomain,DC=com" -f > "(&(sAMAccountname=%a)(objectClass=group))" -B > "CN=Users,DC=mydomain,DC=com" -F > "(&(sAMAccountname=%s)(objectClass=person))" -D "mtb\lookup" -w > lookup -d > fabio.mendes "RESTRICT" > Connected OK > user filter '(&(sAMAccountname=fabio.mendes)(objectClass=person))', > searchbase 'CN=Users,DC=mydomain,DC=com' > group filter '(&(sAMAccountname=RESTRICT)(objectClass=group))', > searchbase 'OU=Global,OU=Grupos,DC=mydomain,DC=com' > OK > > correct. This user belongs to this group. > > but, > > [FreeBSD]#/squid/libexec/squid_ldap_group -h 10.252.1.49 -b > "OU=Global,OU=Grupos,DC=mydomain,DC=com" -f > "(&(sAMAccountname=%a)(objectClass=group))" -B > "CN=Users,DC=mydomain,DC=com" -F > "(&(sAMAccountname=%s)(objectClass=person))" -D "mtb\lookup" -w > lookup -d > fabio.mendes "FULL" > Connected OK > user filter '(&(sAMAccountname=fabio.mendes)(objectClass=person))', > searchbase 'CN=Users,DC=mydomain,DC=com' > group filter '(&(sAMAccountname=FULL)(objectClass=group))', > searchbase 'OU=Global,OU=Grupos,DC=mydomain,DC=com' > OK > > this is incorrect. this user doesnt belongs to this group. The same > thing occurs with NORMAL group or any other group in my ldap tree > when i use squid_ldap_group to auth. > > both groups dn and users dn are correct. > > Where is my error ? > > > cheers > -- > _______________________________________________ > Get your free email from http://mymail.bsdmail.com > > Powered by Outblaze -- _______________________________________________ Get your free email from http://mymail.bsdmail.com Powered by Outblaze
