I did implement recursive group search in squid_kerb_ldap at
http://sourceforge.net/project/showfiles.php?group_id=196348.
Markus
"Henrik Nordstrom" <henrik@xxxxxxxxxxxxxxxxxxx> wrote in message
news:1228648685.18527.57.camel@xxxxxxxxxxxxxxxxxxxxxxxx
mån 2008-11-24 klockan 13:04 -0800 skrev Mike Ely:
directly a member of the acl group. What I need to do is be able to use
nested groups. (Sorry, it looks like I've stated this two different
ways)
nested groups unfortunately does not map very well to LDAP, and is not
supported by squid_ldap_group.
A nested group lookup via LDAP involves retreiving the whole group
membership, looking for groups and then retreiging those groups,
recursively until no further subgroups is found.
In MS AD it may work doing the lookup the opposite way, querying if the
user has the group listed in his user object. At least worth a try. The
easiest way to see if this is the case is to use ldapserach to inspect
the user object, or any other LDAP browser capable of querying you AD
tree.
Regards
Henrik
