Hello,
when I try this Syntax with the squid_ldap_goup-Helper, I get ERR
proxytest:/usr/local/squid/libexec # ./squid_ldap_group -b "o=cag" -f "
(&(cn=%g)(objectClass=groupOfNames)(member=%u))" -F "(&(uid
=%s)(objectClass=Person))" -d 1 172.25.0.19
vogels CAS_NU_Internetuser
Connected OK
user filter (&(uid=vogels)(objectClass=Person))
filter
(&(cn=CAS_NU_Internetuser)(objectClass=groupOfNames)(member=CN=Stefan
Vogel,OU=nu,OU=eu,OU=au,O=cag))
ERR
when using this two filters with the LDAPSEARCH on my LDAP-Server
(DominoNotes 5.11) each filter works:
D:\Lotus\Domino>ldapsearch -h 172.25.0.19 -p 389 "
(&(cn=CAS_NU_Internetuser)(objectClass=groupOfNames)(member=CN=Stefan
Vogel,OU=nu,OU=eu,OU=au,O=cag))"
CN=CAS_NU_Internetuser
cn=CAS_NU_Internetuser
[EMAIL PROTECTED]
objectclass=top
objectclass=groupOfNames
objectclass=dominoGroup
member=CN=Klaus Steger,OU=nu,OU=eu,OU=au,O=cag
member=CN=Stefan Vogel,OU=nu,OU=eu,OU=au,O=cag
D:\Lotus\Domino>ldapsearch -h 172.25.0.19 -p 389 "
(&(uid=vogels)(objectClass=Person))"
CN=Stefan Vogel,OU=nu,OU=eu,OU=au,O=cag
cn=Stefan Vogel
shortname=VogelS
uid=VogelS
[EMAIL PROTECTED]
objectclass=top
objectclass=person
objectclass=organizationalPerson
objectclass=inetOrgPerson
objectclass=dominoPerson
givenname=Stefan
sn=Vogel
I think it should work but it doesn't
BTW: The ldapsearch-results are not cutted. What are you missing?
Regards
Stefan
Henrik Nordstrom
<[EMAIL PROTECTED]
org> To
[EMAIL PROTECTED]
03.04.2003 17:38 cc
[EMAIL PROTECTED]
Subject
Re: [squid-users] Authentification
against DominoNotes LDAP
tor 2003-04-03 klockan 17.06 skrev [EMAIL PROTECTED]:
> The ldapsearch shows:
> D:\Lotus\Domino>ldapsearch -h 172.25.0.19 -p 389 "
> (&(cn=CAS_NU_Internetuser)(obj
> ectClass=groupOfNames)(member=CN=Stefan
> Vogel,OU=nu,OU=eu,OU=au,O=cag))"
>
> CN=CAS_NU_Internetuser
> cn=CAS_NU_Internetuser
> [EMAIL PROTECTED]
> objectclass=top
> objectclass=groupOfNames
> objectclass=dominoGroup
> member=CN=Klaus Steger,OU=nu,OU=eu,OU=au,O=cag
> member=CN=Stefan Vogel,OU=nu,OU=eu,OU=au,O=cag
>
>
> Changing the -F to the same as in the ldap_auth has no effect. and
changing
> to %g has also no effect.
>
> Is it possible, that in "member=%u" the %u is not correctly set as "CN
> =.....,OU=..."? Can I check this in some way?
The squid_ldap_group helper has a undocumented debug flag you can use to
inspect the expanded search filters. Run the helper manually and add -d
1 to the command line arguments before the server name.
The DN in the results of your ldapsearch commands looks a bit odd to
me.. only seem to contain the last component, not the full DN, but maybe
this is just an artefact of your ldapsearch command..
Regards
Henrik
--
Free Squid-users support provided by Henrik Nordstr�m <[EMAIL PROTECTED]>
PayPal donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org&cn=Comment
If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]
