Hi,

Anyone have any ideas?

Cheers
Ian

On 8/19/07, Ian <barnracoon@xxxxxxxxx> wrote:
> Hi,
>
> I am using squid_ldap_auth on squid version 2.6.STABLE13+ICAP on
> FreeBSD and I'm trying to authenticate against a 2003 server with the
> following setup.
>
> |- DC=my.local
>
> |-- OU=CapeTown
> |--- Group = CapeInternet
> |--- User = Zelda
>
> |-- OU=Durban
> |--- Group = DurbanInternet
> |--- User = Jason
>
> |-- OU=Groups
> |--- Group = FullInternet
>
> |-- CN=Users
> |--- User=Admin
>
> Now the group FullInternet has got a nested member list, i.e.
> FullInternet has the following members:
>
> User=Admin
> Group=CapeInternet
> Group=DurbanInternet
>
> Then the CapeInternet has a member of User=Zelda and the group
> DurbanInternet has a member User=Jason. So it's a nested group
> statement where the main OUs for the regions are not located in one
> container but under the main DC. The members in the Regional OUs are
> only members of their OU's internet group and not part of the full
> internet group.
>
> My search filter is as follows:
> (&(sAMAccountName=%s)(memberOf=CN=FullInternet,OU=Groups,DC=my,DC=local))
>
> Now, I have got sub tree searching on and always follow referrals and
> always dereference aliases is on. When joining the domain I join to
> DC=my,DC=local and not into the Users container.
>
> When squid is running I can authenticate the Admin user as that user
> is a direct member of the FullInternet group, but I need to get the
> users in their regional OUs authenticated if they are down-the-line
> members. I also can't put in all the groups into my search string
> because there are over 150 OUs that are under the main DC and the
> administrator is not willing to change it.
>
> Any ideas as to how I could get this to work?
>
> Thanks in advance,
> Ian
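
Added example, not part of the original post or of Squid's code: a Python model of the directory described above, showing why the posted memberOf filter matches only direct members, next to a transitive walk of the nested groups. DNs other than FullInternet's are constructed from the OU layout in the post; the filter built at the end uses Active Directory's LDAP_MATCHING_RULE_IN_CHAIN OID, and the page does not say whether this 2003 server supports it.

```python
# Constructed model of the directory in the post.
# DNs other than FullInternet's are assumptions based on the OU layout.
BASE = "DC=my,DC=local"
FULL = f"CN=FullInternet,OU=Groups,{BASE}"
CAPE = f"CN=CapeInternet,OU=CapeTown,{BASE}"
DURBAN = f"CN=DurbanInternet,OU=Durban,{BASE}"
ACCOUNTS = {  # sAMAccountName -> DN
    "Admin": f"CN=Admin,CN=Users,{BASE}",
    "Zelda": f"CN=Zelda,OU=CapeTown,{BASE}",
    "Jason": f"CN=Jason,OU=Durban,{BASE}",
}
MEMBER_OF = {  # DN -> groups it is a DIRECT member of
    ACCOUNTS["Admin"]: [FULL],
    ACCOUNTS["Zelda"]: [CAPE],
    ACCOUNTS["Jason"]: [DURBAN],
    CAPE: [FULL], DURBAN: [FULL], FULL: [],
}
IN_CHAIN = "1.2.840.113556.1.4.1941"  # AD LDAP_MATCHING_RULE_IN_CHAIN


def direct_match(user, group):
    """What (memberOf=<group>) tests: the user's own memberOf values only."""
    dn = ACCOUNTS.get(user)
    return dn is not None and group.casefold() in (g.casefold() for g in MEMBER_OF[dn])


def nested_match(user, group):
    """Follow memberOf upward through nested groups; 'seen' stops group cycles."""
    dn = ACCOUNTS.get(user)
    if dn is None:
        return False
    seen, stack = set(), list(MEMBER_OF[dn])
    while stack:
        g = stack.pop()
        if g.casefold() in seen:
            continue
        seen.add(g.casefold())
        if g.casefold() == group.casefold():
            return True
        stack.extend(MEMBER_OF.get(g, []))
    return False


def escape(value):
    """RFC 4515 escaping so a login name cannot alter the filter structure."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)


def in_chain_filter(user, group):
    """Filter that asks the server itself to resolve nested membership."""
    return f"(&(sAMAccountName={escape(user)})(memberOf:{IN_CHAIN}:={group}))"
```

With the in-chain filter the group list stays a single DN, so the 150+ regional OUs never have to be enumerated in the search string.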