On Friday, 4 June 2010 21:05:26 Gerardo Herzig wrote:
Hi all. Im triyng to use squid with the squid_ldap_group auth helper.
The schema looks like o=Company
-Groups |-ProxyUsers | |-Managers |-SalesManagers and Sales are OrganizationalUnit, ProxyUsers is GroupofUniqueNames
Each entry of Managers and Sales inherits from PosixAccount and InetOrgPerson
ProxyUsers entry for the user foo is: UniqueMember: uid=foo,ou=Managers,o=Company UniqueMember: uid=anotherfoo,ou=Sales,o=Company
Inside the ProxyUsers can be people from Managers, Sales, and so. Im faliling to test squid_ldap_group from command line (i think the filters part)
- Is there a way to test if the user foo is part of the ProxyUsers group?
Yes, but from a squid perspective, you will be relying on DN construction in the filter if you do it this way.
- It is possible to tell squid_ldap_group to look for uid=foo in
Manager AND Sales, and if there is one try to use it? Like if the filter could be "(uid=foo) _AND_ (ou=Managers _OR_ ou=Sales)"?
This sounds more like a question you should pose to the developers of this software, but having gone down a path requiring DN construction may not be the best option. Or, d you need to cater to identical uid values in different containers?
Regards, Buchan