On Thu, 18 Dec 2003, Keppner, Christoph wrote:

> I know so far, that squid_ldap_group is the right program, but how do I use
> it? In a mail from Henrik Nordstrom, there was this description:

squid_ldap_group is used via the external_acl_type directive. See the
manual (yes there is a manual for squid_ldap_group).

> > 0. Optionally bind (login) as a dummy user (by DN) if anonymous 
> > searches are disallowed in the directory (-D+-W arguments) 
> > 1. Search for the user in the directory (-F argument with the same data 
> > as -f to squid_ldap_auth) 
> > 2. Search for the group in the directory and verify that the user is 
> > member of the group (-f argument). 
> 
> How must the -f argument look like?!?

The manual has some good hints on this. The purpose of the -f argument to 
squid_ldap_group is similar to the purpose of the -f argument to  
squid_ldap_auth but looking for a matching group rather than a matching 
user.

Usually this looks like

  -f "(&(cn=%g)(member=%u)(objectClass=groupOfNames))"

asking the helper to search for a groupOfNames with the group name as cn 
and the user DN as member. Should probably make this the default when -F 
is specified.

The user DN is looked up by the -F argument in the same manner as the -f 
argument to squid_ldap_auth.

Regards
Henrik
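
The following squid.conf fragment is an added illustration, not part of the original message. It maps steps 0 to 2 above onto one helper definition. The helper path, LDAP host, base DN, bind DN, secret file, the `(uid=%s)` user filter and the group name `Staff` are placeholder assumptions; only the -f filter is taken from the message.

```conf
# Added example; every host, DN, path and group name here is a placeholder.
# %LOGIN requires proxy authentication to be configured already
# (for example with squid_ldap_auth via auth_param).
#
# Step 0: -D / -W  bind as a service account; the password is read from a
#                  file, which should be readable only by the Squid user.
# Step 1: -F       find the user's DN (same style of filter as -f to
#                  squid_ldap_auth, %s = login name).
# Step 2: -f       find a groupOfNames whose cn is the group name (%g) and
#                  which lists the user DN (%u) as member.
# -b sets the search base and -h the LDAP server.
external_acl_type ldap_group %LOGIN /usr/local/squid/libexec/squid_ldap_group -h ldap.example.com -b "dc=example,dc=com" -D "cn=squid,ou=services,dc=example,dc=com" -W /etc/squid/ldap_bind.secret -F "(uid=%s)" -f "(&(cn=%g)(member=%u)(objectClass=groupOfNames))"

# The word after the helper name is passed to the helper as the group (%g).
acl staff external ldap_group Staff

# Allow only members of that group; everything else is denied.
http_access allow staff
http_access deny all
```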
