Search squid archive

Re: problem with squid_ldap_group

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



tor 2012-01-26 klockan 10:20 +0400 skrev CyberSoul:

> dn: CN=internetusers,OU=KNG-Services,DC=kng,DC=local
> member: CN=ldapreader,OU=KNG-Services,DC=kng,DC=local

member have full LDAP DNs.
> Well, command for authorized by users I used is:
> /usr/lib/squid/squid_ldap_auth -R -D ldapreader@kng.local -w "12345678" \
> -b "dc=kng,dc=local" -f "sAMAccountName=%s" -h 192.168.4.100
> and it's work:
> ldapreader 12345678
> OK

Good. So you know how to look up users. Not reuse that in
squid_ldap_group as documented in it's man page. The two are closely
related.

squid_ldap_group -R -D ldapreader@kng.local -w "12345678" \
-b "dc=kng,dc=local" -F "sAMAccountName=%s" -h 192.168.4.100 \
-f "(&(objectClass=group)(member=%s))"

note the -F which needs to be the same as -f to squid_ldap_auth. This
allows squid_ldap_group to locate the user object (DN) enabling it to
then lookup DN based group membership.

Regards
Henrik




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux