On Fri, 21 Oct 2005, John Halfpenny wrote:
> My basic authenticator works fine, in the form
>
> /usr/lib/squid/squid_ldap_auth -b "ou=Users,dc=my,dc=domain"
> myname mypassword
> OK

Ok.

> I have noticed that my LDAP group doesn't have a 'member' attribute, but it
> does have 'memberUid'. On my LDAPBrowser I can query like this with the desired
> group as the result:
>
> (&(objectclass=posixGroup)(cn=mygroup)(memberUid=myname))

Ok.

> If I put someone else's name in who isn't a member of mygroup then nothing is
> returned. However, creating the following command string gives me errors!
>
> /usr/lib/squid/squid_ldap_group -b "ou=Groups,dc=my,dc=domain" -f "(&(objectclass=posixGroup)(cn=%a)(memberUid=%v))" -B "ou=Users,dc=my,dc=domain" -F "uid=%s"
> myname mygroup
> ERR

You should not specify -B or -F as your membership is not based on the
LDAP DN of the user like it is done in most LDAP trees, only the login.

And I'd recommend using the much clearer %g/%u codes rather than the
now obsolete %a/%v ones...

Try the following:

/usr/lib/squid/squid_ldap_group -b "ou=Groups,dc=my,dc=domain" -f "(&(objectclass=posixGroup)(cn=%g)(memberUid=%u))"

Regards
Henrik
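
An added illustration of the point in the reply above (not part of the original message and not Squid's own code): a small Python model of the group filter evaluated against a constructed posixGroup entry, once with the bare login and once with the user's DN. It assumes that with -B/-F the helper substitutes the user's DN for %u/%v; the function names, the sample entry and the RFC 4515 value escaping are this example's own.

```python
import re

# Constructed sample entry: a posixGroup lists members by login name, not by DN.
GROUP_ENTRY = {
    "objectclass": ["posixGroup"],
    "cn": ["mygroup"],
    "memberuid": ["myname", "colleague"],
}
FILTER = "(&(objectclass=posixGroup)(cn=%g)(memberUid=%u))"
USER_DN = "uid=%s,ou=Users,dc=my,dc=domain"  # assumed result of -F "uid=%s" under -B


def escape_value(value):
    """Escape filter metacharacters as backslash-hex pairs (RFC 4515)."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)


def expand(template, user, group):
    """Fill %u/%g, and the obsolete %v/%a, with escaped values."""
    values = {"u": user, "v": user, "g": group, "a": group}
    return re.sub(r"%([uvga])", lambda m: escape_value(values[m.group(1)]), template)


def matches(entry, ldap_filter):
    """Evaluate an AND-of-equalities filter against one entry."""
    tests = re.findall(r"\(([A-Za-z]+)=([^()]*)\)", ldap_filter)

    def unescape(v):
        return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), v)

    return bool(tests) and all(
        unescape(val) in entry.get(attr.lower(), []) for attr, val in tests
    )


def is_member(user, group, use_dn=False):
    """use_dn=True models passing -B/-F, so the filter receives the user's DN."""
    subject = USER_DN % user if use_dn else user
    return matches(GROUP_ENTRY, expand(FILTER, subject, group))
```

With `use_dn=True` the filter asks for `memberUid=uid=myname,ou=Users,dc=my,dc=domain`, which no memberUid value equals, so a genuine member is denied; escaping keeps a login such as `*` from acting as a wildcard in the membership test.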