Hi! On Sat, Jan 2, 2010 at 1:49 PM, ml ml <mliebherr99@xxxxxxxxxxxxxx> wrote: > Hi, > > thanks for the reply. > > However, i cant get the proof-of-concept working on the command line: > > echo "mo" | squid_ldap_group -b "dc=my-domain,dc=com" -f "cn=mo" -F > "cn=mo" -h localhost -D "cn=Manager,dc=my-domain,dc=com" -w secret Not sure, but I use this on the squid.conf: /usr/lib/squid/squid_ldap_group -b "ou=Groups,dc=example,dc=com" -f "(&(objectclass=posixGroup)(cn=%g)(memberUid=%u))" -h localhost -P -v 3 -B "ou=Users,dc=example,dc=com" -D cn=read_only,dc=example,dc=com -w password > > it always returns ERR. If i do a "tcpdump -i any -n port 389" then i > cant see any traffic at all. > I'm not sure, but I think it doesn't return traffic for lo interface. > Any idea how i can debug this? the "-d" option does not seem to do any > debugging! maybe run the ldap daemon (slapd) with "-d -1" option, but it will print LOTS of info, make sure NO OTHER PROCESS access the directory server while you run the test (maybe a VM will help). > > Thanks, > Mario > > > > On Thu, Dec 31, 2009 at 9:29 PM, Chris Robertson <crobertson@xxxxxxx> wrote: >> ml ml wrote: >>> >>> Hello List, >>> >>> i read that its quite easy to get squid with ldap auth running. >>> >>> I would also like to manage Black/White URL-Lists in ldap. Can this be >>> done via ldap, too? mmmmm..... maybe, but, I think this could become slow, I have never used LDAP for black lists, I store them on plain-text files, and then use group membership (ldap) to manage who the lists applies to. If you feel like you really need to have the URLs on LDAP, I would write an script that reads the URLs from LDAP and write them to plain-text files that squid would use. Off course, you would need some "intelligence" on the script. I hope this helps, Ildefonso Camargo
