Thu, 2002-09-05 at 10:29, Michael Fuller / Railnet wrote:

> I have a tricky problem. Given a user name, I need to search OpenLDAP and
> find out that user's group membership. The intention is to use external ACLs
> in Squid 2.5 pre. Once the user logs on, I need to use his login name and
> check out the LDAP group he belongs to.
>
> On going through the LDAP directory, I find that the user does not have a
> group attribute, rather groups have a member attribute. If I filter the
> search on objectclass=groupofnames, how to extract the user name from the
> member attribute and match it?
>
> Will someone please help me construct the appropriate search filter ?

Michael,

Dunno if this will help, but I use this kind of thing (is this what you want? I don't know, so don't slay me) for my smtp server aliases instead of /etc/aliases. I also use the same principle (other groups, other filters) for local user alternative mail addresses and virtual domains.

1: Say you have a group "localmailgroup", objectClass nisMailAlias, where the allowed attribute is rfc822MailMember (which I have). You want to search for members; this filter works:

    ldapsearch -x '(&(objectClass=nisMailAlias)(rfc822MailMember=*))'

returns a list of mail addresses. Searching on "rfc822MailMember=fred*" etc. doesn't work and indexing "rfc822MailMember" isn't allowed.

2: I have a group of people who can manage limited attributes of other people, "peoplemanagers". objectClass groupOfNames, member cn=Tom Smith,ou=people,ou=groups,dc=billy,dc=demon,dc=nl, member cn=Eva Brown, etc.

    ldapsearch -x '(&(objectClass=groupOfNames)(cn=*))'

returns a list of members' DNs, so does searching on "member" instead of "cn". However, I can't use wildcards and search on "cn=Tom*", even though I've indexed cn (indexing on "member" isn't possible). I use the "peoplemanagers" list just to check for authority in the acls - and it works.

That's all I can say, I'm afraid!
Best,

--
Tony Earnshaw

Tha can allway tell a Yorkshireman, but tha canna tell 'im much.

e-mail: tonni@billy.demon.nl
www: http://www.billy.demon.nl
gpg public key: http://www.billy.demon.nl/tonni.armor
Telephone: (+31) (0)172 530428
Mobile: (+31) (0)6 51153356
GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
3BE7B981
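
Added example (not part of either message, and not Tony's configuration): the membership filter the question asks for, built in shell so that values derived from a login are escaped per RFC 4515 before they reach ldapsearch. The search base in GROUP_BASE is an assumption; the group name and member DN in the usage comment are the ones quoted in the reply.

```shell
#!/bin/sh
# Added example, not from the original thread.
# GROUP_BASE is an assumed search base; adjust to your directory.
GROUP_BASE='dc=billy,dc=demon,dc=nl'

# Escape a value for use in a search filter (RFC 4515). Backslash goes
# first so the escapes added for * ( ) are not themselves escaped again.
filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# Filter listing every groupOfNames entry that has the DN as a member.
# "member" has DN syntax with an equality matching rule only, so the
# value must be a complete DN; substring filters such as member=cn=Tom*
# are not defined for it.
groups_of_filter() {    # $1 = user DN
    printf '(&(objectClass=groupOfNames)(member=%s))' "$(filter_escape "$1")"
}

# Filter matching one named group only if it lists the DN as a member.
membership_filter() {   # $1 = group cn, $2 = user DN
    printf '(&(objectClass=groupOfNames)(cn=%s)(member=%s))' \
        "$(filter_escape "$1")" "$(filter_escape "$2")"
}

# Exit status 0 when the directory returns the group entry.
# "1.1" requests no attributes: only the dn: line is needed.
user_in_group() {       # $1 = group cn, $2 = user DN
    ldapsearch -x -LLL -b "$GROUP_BASE" "$(membership_filter "$1" "$2")" 1.1 |
        grep -q '^dn:'
}

# Usage:
#   user_in_group peoplemanagers \
#     'cn=Tom Smith,ou=people,ou=groups,dc=billy,dc=demon,dc=nl' && echo OK
```

Without the escaping step, a group or user value containing `)(` or `*` would change the structure of the filter instead of being compared as data.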