On Friday, 4 June 2010 21:05:26 Gerardo Herzig wrote: > Hi all. Im triyng to use squid with the squid_ldap_group auth helper. > > The schema looks like > o=Company > > -Groups > > |-ProxyUsers > | > |-Managers > |-Sales > > Managers and Sales are OrganizationalUnit, ProxyUsers is GroupofUniqueNames > > Each entry of Managers and Sales inherits from PosixAccount and > InetOrgPerson > > ProxyUsers entry for the user foo is: > UniqueMember: uid=foo,ou=Managers,o=Company > UniqueMember: uid=anotherfoo,ou=Sales,o=Company > > Inside the ProxyUsers can be people from Managers, Sales, and so. > Im faliling to test squid_ldap_group from command line (i think the > filters part) > > 1) Is there a way to test if the user foo is part of the ProxyUsers group?
Yes, but from a squid perspective, you will be relying on DN construction in the filter if you do it this way. > 2) It is possible to tell squid_ldap_group to look for uid=foo in > Manager AND Sales, and if there is one try to use it? > Like if the filter could be "(uid=foo) _AND_ (ou=Managers _OR_ ou=Sales)"? This sounds more like a question you should pose to the developers of this software, but having gone down a path requiring DN construction may not be the best option. Or, d you need to cater to identical uid values in different containers? Regards, Buchan
