[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ldap with squid auth helper
On Friday, 4 June 2010 21:05:26 Gerardo Herzig wrote:
> Hi all. Im triyng to use squid with the squid_ldap_group auth helper.
>
> The schema looks like
> o=Company
>
> -Groups
>
> |-ProxyUsers
> |
> |-Managers
> |-Sales
>
> Managers and Sales are OrganizationalUnit, ProxyUsers is GroupofUniqueNames
>
> Each entry of Managers and Sales inherits from PosixAccount and
> InetOrgPerson
>
> ProxyUsers entry for the user foo is:
> UniqueMember: uid=foo,ou=Managers,o=Company
> UniqueMember: uid=anotherfoo,ou=Sales,o=Company
>
> Inside the ProxyUsers can be people from Managers, Sales, and so.
> Im faliling to test squid_ldap_group from command line (i think the
> filters part)
>
> 1) Is there a way to test if the user foo is part of the ProxyUsers group?
Yes, but from a squid perspective, you will be relying on DN construction in
the filter if you do it this way.
> 2) It is possible to tell squid_ldap_group to look for uid=foo in
> Manager AND Sales, and if there is one try to use it?
> Like if the filter could be "(uid=foo) _AND_ (ou=Managers _OR_ ou=Sales)"?
This sounds more like a question you should pose to the developers of this
software, but having gone down a path requiring DN construction may not be the
best option. Or, d you need to cater to identical uid values in different
containers?
Regards,
Buchan