[Date Prev][Date Next] [Chronological] [Thread] [Top]

AW: problem with ldap group check in squid



Hello,

no one here replied to my question :-( , but for the sake of completeness, here the working config:

/usr/lib64/squid/squid_ldap_group -R -K -b "dc=domain,dc=local" -D administrator -w "AdminPW" \
-f "(&(objectclass=person)(sAMAccountName=%v) \
(memberof=cn=%g,ou=UserGroups,dc=domain,dc=local))" -h domaincontroller





Von: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] Im Auftrag von Fuhrmann, Marcel
Gesendet: Mittwoch, 30. Januar 2013 16:41
An: openldap-technical@openldap.org
Betreff: problem with ldap group check in squid

Hello,
i'm trying to to configure squid to use a ldap (ADS 2008) group check to give access to the internet. The squid mailing list couldn't help me. Maybe you can.

/usr/lib64/squid/squid_ldap_group -d -v3 -b 'ou=OU3,ou=OU2,ou=OU1,dc=DOMAIN,dc=LOCAL' -f \
'(&(sAMAccountName=%v)(memberOf=cn=%a,ou=USERGRUPPEN,dc=DOMAIN,dc=LOCAL))' -D cn=LDAP,cn=USERS,dc=DOMAIN,dc=LOCAL \
-w PASSWORT -h DOMAINCONTROLLER
testuser internet
Connected OK
group filter '(&(sAMAccountName=testuser) (memberOf=cn=internet,ou=USERGROUPS,dc=DOMAIN,dc=LOCAL))', searchbase 'ou=OU3,ou=OU2,ou=OU1,dc=DOMAIN,dc=LOCAL'
ERR

The user TESTUSER is in OU3. The group INTERNET is in a OU called USERGROUPS. TESTUSER is member of INTERNET.
But it doesn't work.

Can somebody give me advice?

Thanks a lot

--
Marcel