Henrik Nordström wrote: > ons 2010-06-02 klockan 19:20 -0300 skrev Gerardo Herzig: > >> ProxyUsers entry for the user foo is: >> UniqueMember: uid=foo,ou=Managers,o=Company >> UniqueMember: uid=anotherfoo,ou=Sales,o=Company >> > >> 1) Is there a way to test if the user foo is part of the ProxyUsers group? > > Yes. But you must also tell squid_ldap_group how to find the user object > based on the login "foo". See the -F argument. If you are using > squid_ldap_auth then -F should be set to the same as you use for -f in > squid_ldap_auth. > > squid_ldap_group -b o=company -F "(&(uid=%s)(objectClass=person))" -f "(&(cn=%g)(uniqueMember=%u))" ... > >> 2) It is possible to tell squid_ldap_group to look for uid=foo in >> Manager AND Sales, and if there is one try to use it? >> Like if the filter could be "(uid=foo) _AND_ (ou=Managers _OR_ ou=Sales)"? > > Yes, but why? > Hi Henrik. Thanks for the answer. Well, question 2) is not well writed (sory english is not my native language) Here is the pseucode for the kind of filter i ment to write: (cn=%g _AND_ ou _IN_ (Manager, Sales) _AND_ (uniqueMember=%u)) That is: It does not matter if the uniqueMember of ProxyUsers group is uid=foo,ou=Managers,o=Company or uid=foo,ou=Salues,o=Company Im sory if im not being clear, but i hope you get the idea. Thanks Henrik for your time! Gerardo
