On Thu, 20 Nov 2003, Maurer Roland MKG-Bank wrote: > First question > When I try the squid_ldap_group in the command line, the programm is waiting > for input. > > Where can I find the form fpor the input > > <group> <uid> ???
login group > Most times the LDAP is not contacted and the programs tells me, that the > answer is "ERR" Only if you did not give correct input. > I build up the call like > > squid_ldap_group -b "ou=Groups,dc=floersheim,dc=myfirm,dc=de" -f > "(&(objectClass=univentionGroup)(cn=internet*))" -F "(uid=%u)" -B > "ou=People,dc=floersheim,dc=myfirm,dc=de" -h 192.168.22.230 The group filter does not look correct.. there should be a %g in there somewhere for referencing the requested group name and a %u for the user login or DN (depending on if -F is used or not). > Where do I check if the user is in the group ? This is the job of the -f filter. The -f filter searches the LDAP directory for a matching group object where the user is listed as member. Before this the -F filter is responsible for translating the login entered in the browser into a DN suitable for LDAP group membership lookup. This option is usually identical to the -f flag of squid_ldap_auth so both programs locate the user in the same manner. Regards Henrik
