On Sunday 17 August 2003 16.47, Ta, Tony wrote:

> Okies.. I will try 2morrow.. I wanna take muh mind away from it for
> a bit.. Like the saying goes... If it ain't broke... Dun fix it....
> hahahahhaha
>
> Thanks Henrik for ur time and effort..
>
> just outa curiosity, did you know that squid_ldap_auth may even be
> able to do the job on its own? coz if I do a ldapsearch
> "(&(objectClass=User)(sAMAccountName=%s))(memberOf=Proxy_Access,CN=Users,DC=MyLDAP,DC=Domain))"
> this also returns the user attributes.
> It returns no results if the user is not a member of the Group. Am
> I correct, if so maybe squid_ldap_auth can be modified slightly so
> it returns OK if found and ERR if not, this way no external ACL is
> required.... umm but I dunno.. I mite just be silliii..

squid_ldap_group supports two modes of operation:

a) Single search mode (-f only). For example when you search for an attribute of the user object such as memberOf (-f option).

b) Dual search mode, where it first searches for the user's DN (-F option) and then uses this DN in a second search to verify if the user is a member of a certain group object or not (-f option).

See the manual for a description of both modes. For additional information on the -F option see also the squid_ldap_auth manual.

Regards
Henrik
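
The two modes described in the reply above, written out as a squid.conf fragment. This is an added example and not part of the original message; the helper path, server name, bind account, secret file and the ACL names are assumptions, and proxy authentication (auth_param) is assumed to be configured already.

```conf
# Constructed example. Placeholders: helper path, ldap.example.invalid,
# the squid-lookup bind account and /etc/squid/ldap.secret.
# In -f, %v is the user (login name, or the user's DN when -F is given)
# and %a is the group name taken from the acl line. In -F, %s is the login name.

# a) Single search mode (-f only): one search on the user object, which
#    matches only if that entry has memberOf set to the requested group's DN.
external_acl_type ldap_group_single %LOGIN /usr/lib/squid/squid_ldap_group -R -h ldap.example.invalid -b "CN=Users,DC=MyLDAP,DC=Domain" -D "CN=squid-lookup,CN=Users,DC=MyLDAP,DC=Domain" -W /etc/squid/ldap.secret -f "(&(objectClass=User)(sAMAccountName=%v)(memberOf=CN=%a,CN=Users,DC=MyLDAP,DC=Domain))"

# b) Dual search mode (-F and -f): the first search resolves the login name
#    to the user's DN, the second checks that DN against the group object.
external_acl_type ldap_group_dual %LOGIN /usr/lib/squid/squid_ldap_group -R -h ldap.example.invalid -b "DC=MyLDAP,DC=Domain" -D "CN=squid-lookup,CN=Users,DC=MyLDAP,DC=Domain" -W /etc/squid/ldap.secret -F "(sAMAccountName=%s)" -f "(&(objectClass=group)(cn=%a)(member=%v))"

# Use one of the two helpers; the group name is passed to the filter as %a.
acl ProxyAccess external ldap_group_dual Proxy_Access
http_access allow ProxyAccess
http_access deny all
```

The bind account only needs read access to the user and group entries, and the secret file should be readable by the Squid user alone.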
