Hello,
I'm trying to configure squid to use an LDAP (ADS 2008) group check to give access to the internet. The squid mailing list couldn't help me. Maybe you can.
/usr/lib64/squid/squid_ldap_group -d -v3 -b 'ou=OU3,ou=OU2,ou=OU1,dc=DOMAIN,dc=LOCAL' -f \
'(&(sAMAccountName=%v)(memberOf=cn=%a,ou=USERGRUPPEN,dc=DOMAIN,dc=LOCAL))' -D cn=LDAP,cn=USERS,dc=DOMAIN,dc=LOCAL \
-w PASSWORT -h DOMAINCONTROLLER
testuser internet
Connected OK
group filter '(&(sAMAccountName=testuser) (memberOf=cn=internet,ou=USERGROUPS,dc=DOMAIN,dc=LOCAL))', searchbase 'ou=OU3,ou=OU2,ou=OU1,dc=DOMAIN,dc=LOCAL'
ERR
The user TESTUSER is in OU3. The group INTERNET is in an OU called USERGROUPS. TESTUSER is a member of INTERNET. But it doesn't work.
Can somebody give me advice?
Thanks a lot
-- Marcel
Hello,
No one here replied to my question :-( , but for the sake of completeness, here is the working config:
/usr/lib64/squid/squid_ldap_group -R -K -b "dc=domain,dc=local" -D administrator -w "AdminPW" \
-f "(&(objectclass=person)(sAMAccountName=%v) \
(memberof=cn=%g,ou=UserGroups,dc=domain,dc=local))" -h domaincontroller
From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Fuhrmann, Marcel
Sent: Wednesday, 30 January 2013 16:41
To: openldap-technical@openldap.org
Subject: problem with ldap group check in squid
Hello,
I'm trying to configure squid to use an LDAP (ADS 2008) group check to give access to the internet. The squid mailing list couldn't help me. Maybe you can.
/usr/lib64/squid/squid_ldap_group -d -v3 -b 'ou=OU3,ou=OU2,ou=OU1,dc=DOMAIN,dc=LOCAL' -f \
'(&(sAMAccountName=%v)(memberOf=cn=%a,ou=USERGRUPPEN,dc=DOMAIN,dc=LOCAL))' -D cn=LDAP,cn=USERS,dc=DOMAIN,dc=LOCAL \
-w PASSWORT -h DOMAINCONTROLLER
testuser internet
Connected OK
group filter '(&(sAMAccountName=testuser) (memberOf=cn=internet,ou=USERGROUPS,dc=DOMAIN,dc=LOCAL))', searchbase 'ou=OU3,ou=OU2,ou=OU1,dc=DOMAIN,dc=LOCAL'
ERR
The user TESTUSER is in OU3. The group INTERNET is in an OU called USERGROUPS. TESTUSER is a member of INTERNET. But it doesn't work.
Can somebody give me advice?
Thanks a lot
-- Marcel