Thanks it works, but now I have a new problem. The squid is running and I remove someone out of the group and add someone new.
This changes are not acvtice since I start the squid new. Are these informations cached ? Or do the squid read the group once at the start ? Roland Maurer -----Urspr�ngliche Nachricht----- Von: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 20. November 2003 13:42 An: Maurer Roland MKG-Bank Cc: [EMAIL PROTECTED]; 'Henrik Nordstrom' Betreff: Re: AW: [squid-users] squid_ldap_group On Thu, 20 Nov 2003, Maurer Roland MKG-Bank wrote: > First question > When I try the squid_ldap_group in the command line, the programm is waiting > for input. > > Where can I find the form fpor the input > > <group> <uid> ??? login group > Most times the LDAP is not contacted and the programs tells me, that the > answer is "ERR" Only if you did not give correct input. > I build up the call like > > squid_ldap_group -b "ou=Groups,dc=floersheim,dc=myfirm,dc=de" -f > "(&(objectClass=univentionGroup)(cn=internet*))" -F "(uid=%u)" -B > "ou=People,dc=floersheim,dc=myfirm,dc=de" -h 192.168.22.230 The group filter does not look correct.. there should be a %g in there somewhere for referencing the requested group name and a %u for the user login or DN (depending on if -F is used or not). > Where do I check if the user is in the group ? This is the job of the -f filter. The -f filter searches the LDAP directory for a matching group object where the user is listed as member. Before this the -F filter is responsible for translating the login entered in the browser into a DN suitable for LDAP group membership lookup. This option is usually identical to the -f flag of squid_ldap_auth so both programs locate the user in the same manner. Regards Henrik
