tor 2012-01-26 klockan 10:20 +0400 skrev CyberSoul: > dn: CN=internetusers,OU=KNG-Services,DC=kng,DC=local > member: CN=ldapreader,OU=KNG-Services,DC=kng,DC=local member have full LDAP DNs. > Well, command for authorized by users I used is: > /usr/lib/squid/squid_ldap_auth -R -D ldapreader@kng.local -w "12345678" \ > -b "dc=kng,dc=local" -f "sAMAccountName=%s" -h 192.168.4.100 > and it's work: > ldapreader 12345678 > OK Good. So you know how to look up users. Not reuse that in squid_ldap_group as documented in it's man page. The two are closely related. squid_ldap_group -R -D ldapreader@kng.local -w "12345678" \ -b "dc=kng,dc=local" -F "sAMAccountName=%s" -h 192.168.4.100 \ -f "(&(objectClass=group)(member=%s))" note the -F which needs to be the same as -f to squid_ldap_auth. This allows squid_ldap_group to locate the user object (DN) enabling it to then lookup DN based group membership. Regards Henrik
