
Re: ldap with squid auth helper



On Friday, 4 June 2010 21:05:26 Gerardo Herzig wrote:
> Hi all. I'm trying to use squid with the squid_ldap_group auth helper.
> 
> The schema looks like
> o=Company
>     |-Groups
>     |    |-ProxyUsers
>     |
>     |-Managers
>     |-Sales
> 
> Managers and Sales are OrganizationalUnit, ProxyUsers is GroupofUniqueNames
> 
> Each entry of Managers and Sales inherits from PosixAccount and
> InetOrgPerson
> 
> ProxyUsers entry for the user foo is:
> UniqueMember: uid=foo,ou=Managers,o=Company
> UniqueMember: uid=anotherfoo,ou=Sales,o=Company
> 
> Inside the ProxyUsers can be people from Managers, Sales, and so on.
> I'm failing to test squid_ldap_group from command line (I think the
> filters part)
> 
> 1) Is there a way to test if the user foo is part of the ProxyUsers group?

Yes, but from a squid perspective, you will be relying on DN construction in 
the filter if you do it this way.

> 2) It is possible to tell squid_ldap_group to look for uid=foo in
> Manager AND Sales, and if there is one try to use it?
> Like if the filter could be "(uid=foo) _AND_ (ou=Managers _OR_ ou=Sales)"?

This sounds more like a question you should pose to the developers of this 
software, but having gone down a path requiring DN construction may not be the 
best option. Or, do you need to cater to identical uid values in different 
containers?

Regards,
Buchan
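
The membership test by DN construction discussed in this thread, as an added example that is not part of the original messages or of squid: it builds one search filter that matches the ProxyUsers group if uid=foo is a uniqueMember from either ou=Managers or ou=Sales, escaping the user name first for the DN and then for the filter. The function names and the objectClass clause are assumptions; the entry names come from the post.

```python
# Added example: group-membership filter built by DN construction.
# Entry names (o=Company, ou=Managers, ou=Sales, ProxyUsers) come from the post;
# the function names are hypothetical.

def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in ',+"\\<>;' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def escape_filter_value(value):
    """Escape an assertion value for a search filter (RFC 4515)."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)

def membership_filter(uid, containers, group_cn="ProxyUsers", suffix="o=Company"):
    """Filter that matches the group entry only if uid is a member
    under one of the given containers (question 2: Managers OR Sales)."""
    members = []
    for ou in containers:
        # Step 1: build the candidate DN, escaping the untrusted uid for DN syntax.
        dn = "uid=%s,ou=%s,%s" % (escape_dn_value(uid), escape_dn_value(ou), suffix)
        # Step 2: escape the whole DN again for filter syntax, so the
        # backslashes from step 1 and any ( ) * cannot alter the filter.
        members.append("(uniqueMember=%s)" % escape_filter_value(dn))
    member_part = members[0] if len(members) == 1 else "(|%s)" % "".join(members)
    return "(&(objectClass=groupOfUniqueNames)(cn=%s)%s)" % (
        escape_filter_value(group_cn), member_part)

if __name__ == "__main__":
    # Ordinary user: one filter covering both containers.
    print(membership_filter("foo", ["Managers", "Sales"]))
    # Constructed hostile user name: stays inside the uniqueMember assertion.
    print(membership_filter("foo)(uid=*", ["Managers"]))
```

A search for the printed filter (for example with ldapsearch against the directory) returns the ProxyUsers entry when the user is a member and nothing otherwise, which answers question 1 outside of squid.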