On Tue, 10 Aug 2004, Stefan Thomas wrote:
/usr/local/squid/libexec/squid_ldap_auth -b "" -D "cn=name,o=name" -w passwd -h ip-adr -f (&(&(cn=%s)(objectClass=person))(groupMembership=cn=Internet,ou=name,ou= name,o=name))
This works very well. No I have a new challenge to solve. I want to check is the authorised user in the group "internet" OR "marketing" OR "normal" OR ...
He should be in one !! of these groups, not in all !
See RFC2254
& is AND | is OR
(&(cn=%s)(objectClass=person)(|(groupMembership=cn=Internet,ou=name,ou=name,o=name)(groupMembership=cn=Marketing,ou...)(groupMembership=cn=Normal,ou..)(...)))
But personally I would make the setup as follows
1. One single group which determines if the user should at all be allowed to use the Internet, if not all users should be allowed. This is optional.
2. A number of groups verified by squid_ldap_group for giving different levels of access to the Internet.
Regards Henrik
