Christoph Haas <[EMAIL PROTECTED]>
27/02/2003 08:13 PM

 
        To:     [EMAIL PROTECTED]
        cc: 
        Subject:        Re: [squid-users] squid_ldap_group


> > I am still having trouble getting squid to authenticate based on ldap group
> > membership and user password.  Here is what I have:
> > [...]

> Looks okay. Can you do the external_acl_type call manually and enter
> "username group<enter>" and get an "OK" when you expect it?

No.  I was typing "username password<enter>". Now I can't get that to work 
either- if I ever did, starting to feel like an idiot!  :-(

So trying to solve the *right* problem-

# ldapsearch -h ldap.some.org.au -b "ou=groups,dc=some,dc=org,dc=au,o=Internet" "cn=proxygrp"

member=cn=user1,ou=people,dc=some,dc=org,dc=au,o=Internet
member=cn=user2,ou=people,dc=some,dc=org,dc=au,o=Internet
member=cn=user3,ou=people,dc=some,dc=org,dc=au,o=Internet


With perl's Net:SSH I use the following:
        base   => "cn=proxygrp,ou=groups,dc=some,dc=org,dc=au,o=Internet",
        filter => "(member=cn=$user,ou=people,dc=some,dc=org,dc=au,o=Internet)"

which does work, but I can't work out how to achieve the same with 
ldapsearch or squid_ldap_group.

This:
ldapsearch -h ldap.some.org.au -b "cn=proxygrp,ou=groups,dc=some,dc=org,dc=au,o=Internet" "member=cn=user1,ou=people,dc=some,dc=org,dc=au,o=Internet"

prints all users in proxygrp, as does:
ldapsearch -h ldap.some.org.au -b "ou=groups,dc=some,dc=org,dc=au,o=Internet" "(&(cn=proxygrp)(member=cn=user1,ou=people,dc=some,dc=org,dc=au,o=Internet))"

-b on squid_ldap_group does not seem to have an "%" substitution to add 
the group name and including a filter for group and the filter doesn't 
work any of the ways I have tried it-
/usr/local/squid/libexec/squid_ldap_group -h ldap://ldap.some.org.au -D "cn=admin,o=Internet" -w "password" -b "ou=groups,dc=some,dc=org,dc=au,o=Internet" -f "(&(cn=%g)("member=cn=%u,ou=people,dc=some,dc=org,dc=au,o=Internet"))"

Any help would be appreciated.

Thanks
Murray
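
An added example, not part of the original message and not squid_ldap_group's own code: it shows what a well-formed group-membership filter looks like once the %u and %g placeholders from the post are expanded, with the user name escaped for both the DN (RFC 4514) and the filter (RFC 4515). The function names and the sample user names are assumptions constructed for illustration.

```python
import re

# Filter template using the %g / %u placeholders and directory layout from the post.
FILTER_TEMPLATE = "(&(cn=%g)(member=cn=%u,ou=people,dc=some,dc=org,dc=au,o=Internet))"


def escape_dn_value(value):
    """Escape a string used as an attribute value inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;':
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\00")
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value):
    """Escape a string used as an assertion value in a search filter (RFC 4515)."""
    table = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}
    return "".join(table.get(ch, ch) for ch in value)


def expand(template, user, group):
    """Return the filter with %u and %g replaced by safely escaped values."""
    # %u sits inside a DN that is itself a filter value:
    # DN-escape first, then filter-escape the result.
    u = escape_filter_value(escape_dn_value(user))
    g = escape_filter_value(group)
    # Single pass, so an inserted value is never re-scanned for placeholders.
    return re.sub(r"%([ug])", lambda m: u if m.group(1) == "u" else g, template)


if __name__ == "__main__":
    # Constructed sample inputs: a normal name, then names containing
    # filter and DN metacharacters that must not change the filter structure.
    for name in ("user1", "x)(cn=*", "a,b"):
        print(expand(FILTER_TEMPLATE, name, "proxygrp"))
```
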




