Thu 2003-03-06 at 11:02, Homberger Peter wrote:
> My LDAP Group:
>
> # Security-Group, security, nextiraone, ch
> dn: cn=Security-Group,ou=security,o=nextiraone,c=ch
> objectClass: groupOfNames
> objectClass: groupOfUniqueNames
> cn: Security-Group
> member: cn=FW1-Template,o=nextiraone,c=ch
> member: cn=Homberger Peter,ou=security,o=nextiraone,c=ch
> uniqueMember: uid=phom,ou=security,o=nextiraone,c=ch
>
>
> My User:
>
> # Homberger Peter, security, nextiraone, ch
> dn: cn=Homberger Peter,ou=security,o=nextiraone,c=ch
> objectClass: person
> objectClass: uidObject
> objectClass: organizationalPerson
> cn: Homberger Peter
> sn: Homberger
> uid: phom
> userPassword: **********
>
> My squid.conf
>
> auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -u uid -b
> ou=security,o=nextiraone,c=ch

This is a problem... what you want is something like this:

squid_ldap_auth -b ou=security,o=nextiraone,c=ch -f (&(uid=%s)(objectClass=organizationalPerson)) -h your.ldap.server

The -u argument is only applicable if the user login name is the last component of the user DN (cn=Homberger Peter in your case).

> external_acl_type ldap_group %LOGIN
> /usr/local/squid/libexec/squid_ldap_group -b "ou=security,o=nextiraone,c=ch"
> -f '(&(cn=%v)(member=uid=%d,*)(objectClass=groupOfNames))'

Looks good, but you might want to upgrade to a later version of squid_ldap_group to simplify the filter somewhat. Also, you probably need to remove the quotes around the filter specification.

See also the known bugs page.

Regards
Henrik

-- 
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
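
Added example, not part of the original message and not Squid's code: a small Python model of the two ways the helper can arrive at a bind DN, run against a constructed in-memory copy of the user entry quoted above. The function names and the tiny filter evaluator are hypothetical, and escaping the login before it is placed in the filter is this example's own choice.

```python
import re

BASE = "ou=security,o=nextiraone,c=ch"
# Constructed in-memory copy of the user entry quoted in the thread (no password).
DIRECTORY = {
    "cn=Homberger Peter,ou=security,o=nextiraone,c=ch": {
        "objectclass": ["person", "uidObject", "organizationalPerson"],
        "cn": ["Homberger Peter"],
        "sn": ["Homberger"],
        "uid": ["phom"],
    },
}
SEARCH_FILTER = "(&(uid=%s)(objectClass=organizationalPerson))"


def escape_filter_value(value):
    """Hex-escape the RFC 4515 special characters in a login name."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)


def unescape_filter_value(value):
    return re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), value)


def dn_from_user_attr(login, attr, base):
    """-u style: the bind DN is assembled as attr=login,base with no search."""
    return "%s=%s,%s" % (attr, login, base)


def matches(entry, flt):
    """Evaluate a flat (&(attr=value)...) filter; every term must match exactly."""
    terms = re.findall(r"\(([A-Za-z]+)=((?:[^()\\]|\\[0-9a-f]{2})*)\)", flt)
    return bool(terms) and all(
        unescape_filter_value(val).lower()
        in [v.lower() for v in entry.get(attr.lower(), [])]
        for attr, val in terms
    )


def dn_from_search(login, template, directory):
    """-f style: search with the login in place of %s, bind as the single hit."""
    flt = template.replace("%s", escape_filter_value(login))
    hits = [dn for dn, entry in directory.items() if matches(entry, flt)]
    return hits[0] if len(hits) == 1 else None


if __name__ == "__main__":
    print("-u uid builds:", dn_from_user_attr("phom", "uid", BASE))
    print("-f search finds:", dn_from_search("phom", SEARCH_FILTER, DIRECTORY))
```

The DN assembled from `-u uid` names an entry that does not exist in this directory, while the search locates the real `cn=Homberger Peter,...` entry by its `uid` attribute.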
