Hi! I'm trying to check if a user is present in a Group, and now i'm using the following config: external_acl_type memberof ttl=30 %LOGIN /usr/local/squid/libexec/ext_ldap_group_acl -v 3 -R -K -b "dc=domain,dc=local" -D squid@domain.local -W /etc/squid/ldappass.txt -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%g,ou=SQUID,ou=OU domain,dc=domain,dc=local))" -h srv-dc1.domain.local It work, but has some limits, for example if a user is only in the group of interest it not pass (while adding a second Group that is the default Group it works). Also, if a user is on some "sub" groups it not work. I've tried also the kerb helper (with kerb configured and keytab working), using shell commands it work, for example: /usr/lib64/squid/ext_kerberos_ldap_group_acl -g "Internet libero" -D "DOMAIN.LOCAL" that converted in squid must be something like: external_acl_type memberof ttl=30 %LOGIN /usr/lib64/squid/ext_kerberos_ldap_group_acl -d -g "%g" -D "DOMAIN.LOCAL" works (on shell, i've not tried the second syntax on squid), but with the same limits. There is a way to at least have the user in only one Group (that is the default group)? Thanks! -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Group-check-against-AD-tp4668078.html Sent from the Squid - Users mailing list archive at Nabble.com. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
