Try this: /usr/local/squid/libexec/squid_ldap_group -b ou=security,o=nextiraone,c=ch -f (&(cn=%g)(member=%u)(objectClass=groupOfNames)) -F (&(uid=%s)(objectClass=organizationalPerson))
(-F the same as -f for squid_ldap_auth) Regards Henrik On Friday 07 March 2003 17.15, Homberger Peter wrote: > I have tried also %u as the user and %g for the group. > > external_acl_type ldap_group %LOGIN > /usr/local/squid/libexec/squid_ldap_group -b > "ou=security,o=nextiraone,c=ch" -f > (&(cn=%g)(member=uid=%u,*)(objectClass=groupOfNames)) > > The only one I have found out to work is the following, but then > all existing users in the directory will be authenticated instead > of only the members of the LDAP group. > > external_acl_type ldap_group %LOGIN > /usr/local/squid/libexec/squid_ldap_group -b > "ou=security,o=nextiraone,c=ch" -f > (&(cn=%g)(member=*)(objectClass=groupOfNames)) > > Mit freundlichen Gr�ssen > > With kind regards > > Peter Homberger > > NextiraOne Schweiz GmbH > Peter Homberger > Consultant Security / NMS > Industriestasse 30, CH-8203 Kloten > Tel: +41 1 815 32 65 > Fax: +41 1 813 53 24 > > mailto:[EMAIL PROTECTED] > http://www.nextiraone.ch > > > -----Urspr�ngliche Nachricht----- > Von: Henrik Nordstrom [mailto:[EMAIL PROTECTED] > Gesendet: Freitag, 7. M�rz 2003 16:46 > An: Homberger Peter > Betreff: Re: AW: AW: AW: [squid-users] Squid_ldap_group > > fre 2003-03-07 klockan 15.29 skrev Homberger Peter: > > /usr/local/squid/libexec/squid_ldap_group -b > > "ou=security,o=nextiraone,c=ch" -f > > "(&(cn=%v)(member=uid=%d,*)(objectClass=groupOfNames))" > > phom password > > ERROR: Unknown filter template string %d > > squid_ldap_group ERROR, Failed to construct LDAP search filter. > > filter="(&(cn=phom)(member=uid=", user="phom", group="password" > > ERR > > > > Could be there the problem? > > This is a problem > > Based on the error message you get I can see you are using a > reasonably current version of the helper. Then %u can be used for > the user name and %g for the group name, which is easier to > remember than the %v and %a used by the original helper shipped in > Squid-2.5.STABLE1.. > > > What kind of information is required for the requested input? > > What meens %LOGIN in squid.conf bevor the above command? > > That the helper expects the users login name as input before the > group name.. see the documentation of external_acl_type in > squid.conf.default.
