The two searches below sho no resemble of each other. The squid_ldap_group options which matches your ldapsearch command is
squid_ldap_group -b "DC=MyLDAP,DC=Domain" -D "CN=etc etc,CN=Users,DC=MyLDAP,DC=Domain" -w etc -h LDAPSERVER -f "(&(objectClass=User)(sAMAccountName=%u)(memberOf=CN=%g, CN=Users,DC=MyLDAP,DC=Domain))" Your squid_ldap_group search pattern (-f option) does not look correct. There is no reference to what group to look for. Also, using the %u/%g codes of the 2.5.STABLE3 helper makes it a lot easier to understand what it what.. Note: The Squid configure flags is irrelevant. Only the squid_ldap_group command line options matters. For further help with squid_ldap_group please use the squid-users mailinglist. Regards Henrik On Saturday 16 August 2003 19.51, you wrote: > Hi Hendrik, > > > Sooooo Sooorryy to do this to you but I have been sitting on this > for a whole week chasing my tail with getting the right syntax. I > am using Squid Cache: Version 2.5.STABLE3 > configure options: --enable-basic-auth-helper=ldap_auth > --enable-external-acl-helpers=ldap_group --enable-kill-parent-hack > --enable-snmp to connect to a Windows2K Active Directory. > > I tried to test the squid_ldap_group module with the following > result: > > # /usr/local/squid/libexec/squid_ldap_group -b > "DC=MyLDAP,DC=Domain" -D "CN=etc etc,CN=Users,DC=MyLDAP,DC=Domain" > -w etc -h LDAPSERVER -f "(&(objectClass=group)(CN=%a))" -F > "(&(sAMAccountName=%s)(objectClass=User))" -d -v1 etc proxy_access > Connected OK > user filter (&(sAMAccountName=etc)(objectClass=User)) > squid_ldap_group WARNING, LDAP search error 'Operations error' > ERR > > yet when I do > ldapsearch -b "DC=MyLDAP,DC=Domain" -D "CN=etc > etc,CN=Users,DC=MyLDAP,DC=Domain" -w etc -h LDAPSERVER > "(&(objectClass=User)(sAMAccountName=etc)(memberOf=CN=proxy_access, >CN=Users,DC=MyLDAP,DC=Domain))" it returns all the user attributes > > I must be doing something wrong > > Can you pleeeeeaaaaase help. > > Kind Regards
