Hello,

Thanks for all, I found the solution:

squid_ldap_group -s sub -b "dc=example,dc=com" -D "cn=proxy,cn=adminusers,dc=example,dc=com" -w 'test' -f "(&(objectClass=person)(sAMAccountName=%u)(memberOf=cn=%g,ou=groups,dc=example,dc=com))" -h "192.168.4.3" -K -R

Now it's working fine... Kerberos (SSO) + AD (users and groups) integration (Squid ACLs). Just added the options "-s sub" and "-R".

Thanks,

Marcio Garcia

On 30 November 2010 18:19, Marcio Garcia <marciogarcia@xxxxxxxxx> wrote:
>
> Hello,
>
> I am having some problems building my own syntax with
> squid_ldap_group against AD because I have users in different OUs,
> like below:
>
> dc=example,dc=com
> |
> ou=department1,dc=example,dc=com
> |
> dn: cn=user 1,ou=department1,dc=example,dc=com
> objectClass=person
> samAccountName=user1
> memberOf=cn=facebook,ou=groups,dc=example,dc=com
> memberOf=cn=youtube,ou=groups,dc=example,dc=com
> ....
> |
> ou=department2,dc=example,dc=com
> |
> dn: cn=user 2,ou=department2,dc=example,dc=com
> objectClass=person
> samAccountName=user2
> memberOf=cn=facebook,ou=groups,dc=example,dc=com
> memberOf=cn=youtube,ou=groups,dc=example,dc=com
> memberOf=cn=linkedin,ou=groups,dc=example,dc=com
> ....
> |
> ou=department3,dc=example,dc=com
> |
> dn: cn=user 3,ou=department3,dc=example,dc=com
> objectClass=person
> samAccountName=user3
> memberOf=cn=allowed,ou=groups,dc=example,dc=com
> memberOf=cn=denied,ou=groups,dc=example,dc=com
> ....
>
> This is my squid_ldap_group syntax:
>
> squid_ldap_group -b "dc=example,dc=com" -D
> "cn=proxy,cn=adminusers,dc=example,dc=com" -w 'test' -f
> "(&(objectClass=person)(sAMAccountName=%u)(memberOf=cn=%g,ou=groups,dc=example,dc=com))"
> -h "192.168.4.3" -K
>
> And the tests:
>
> user1 facebook
> ERR
>
> user2 linkedin
> ERR
>
> user3 allowed
> ERR
>
> PS: I am using Kerberos authentication and it works fine and I
> don't know why I am having the error above.
>
>
> Thanks,
>
> Marcio Garcia
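
A small model of how the base DN, the search scope and the %u/%g filter interact for the directory layout in the thread, as an added example that is not part of the original messages and is not squid_ldap_group's code. The entries are constructed from the quoted layout; strip_realm is an assumed stand-in for realm stripping, and the value escaping follows RFC 4515.

```python
import re

# Simplified model of an LDAP group lookup; not squid_ldap_group's own code.
# Entries are constructed from the directory layout quoted in the thread.
BASE = "dc=example,dc=com"
TEMPLATE = ("(&(objectClass=person)(sAMAccountName=%u)"
            "(memberOf=cn=%g,ou=groups,dc=example,dc=com))")
ENTRIES = {  # DN -> (sAMAccountName, group CNs taken from memberOf)
    "cn=user 1,ou=department1,dc=example,dc=com": ("user1", {"facebook", "youtube"}),
    "cn=user 2,ou=department2,dc=example,dc=com": ("user2", {"facebook", "youtube", "linkedin"}),
    "cn=user 3,ou=department3,dc=example,dc=com": ("user3", {"allowed", "denied"}),
}

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so a value cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def build_filter(user, group):
    """Substitute %u and %g in one pass, escaping both values."""
    values = {"u": escape_filter_value(user), "g": escape_filter_value(group)}
    return re.sub(r"%([ug])", lambda m: values[m.group(1)], TEMPLATE)

def strip_realm(user):
    """Assumed model of realm stripping: user@REALM -> user."""
    return user.split("@", 1)[0]

def in_scope(dn, base, scope):
    """True if dn is visible from base under scope 'base', 'one' or 'sub'."""
    if dn == base:
        return scope in ("base", "sub")
    if not dn.endswith("," + base):
        return False
    depth = dn[: -len(base) - 1].count(",") + 1  # RDNs between dn and base
    return scope == "sub" or (scope == "one" and depth == 1)

def is_member(user, group, scope="sub", base=BASE):
    """Evaluate the thread's filter against the constructed entries."""
    user = strip_realm(user).lower()
    return any(
        in_scope(dn, base, scope) and sam.lower() == user and group.lower() in groups
        for dn, (sam, groups) in ENTRIES.items()
    )

if __name__ == "__main__":
    for scope in ("base", "one", "sub"):
        print(scope, is_member("user2@EXAMPLE.COM", "linkedin", scope))
    print(build_filter("j*(doe)", "facebook"))
```

The user entries sit two levels below dc=example,dc=com, so in this model only a subtree search from that base reaches them.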