Hello,
I am having some problems to build my own syntax with
squid_ldap_group against AD because I have users in different OUs,
like bellow:
dc=example,dc=com
|
ou=department1,dc=example,dc=com
|
dn: cn=user 1,ou=department1,dc=example,dc=com
objectClass=person
samAccountName=user1
memberOf=cn=facebook,ou=groups,dc=example,dc=com
memberOf=cn=youtube,ou=groups,dc=example,dc=com
....
|
ou=department2,dc=example,dc=com
|
dn: cn=user 2,ou=department2,dc=example,dc=com
objectClass=person
samAccountName=user2
memberOf=cn=facebook,ou=groups,dc=example,dc=com
memberOf=cn=youtube,ou=groups,dc=example,dc=com
memberOf=cn=linkedin,ou=groups,dc=example,dc=com
....
|
ou=department3,dc=example,dc=com
|
dn: cn=user 3,ou=department3,dc=example,dc=com
objectClass=person
samAccountName=user3
memberOf=cn=allowed,ou=groups,dc=example,dc=com
memberOf=cn=denied,ou=groups,dc=example,dc=com
....
This is my squid_ldap_group syntax:
squid_ldap_group -b "dc=example,dc=com" -D
"cn=proxy,cn=adminusers,dc=example,dc=com" -w 'test' -f
"(&(objectClass=person)(sAMAccountName=%u)(memberOf=cn=%g,ou=groups,dc=example,dc=com))"
-h "192.168.4.3" -K
And the testes:
user1 facebook
ERR
user2 linkedin
ERR
user3 allowed
ERR
PS: I am using kerberos authentication and it works fine and I
don´t know why I am having the error above.
Thanks,
Marcio Garcia
