squid_ldap_group works for me for a "flat group" containing usernames:
/usr/local/squid/libexec/squid_ldap_group \
-h ldapserver \
-D "cn=ldap-administrator,ou=Service
Accounts,ou=_SiteMgmt,ou=XY,ou=DE,dc=emea,dc=zf-world,dc=com" \
-W /usr/local/pw-admin \
-b "ou=DE,dc=emea,dc=zf-world,dc=com" \
-f
"(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=Groups,ou=XY,ou=DE,dc=emea,dc=zf-world,dc=com))"
But structure of out company is a little bit more complex: For every location
there is a group say internet-loc<xy> containing all users of this location
with right for internetaccess. There is a group INTERNETUSERS containing all
subgroups internet_loc<xy>, for example:
internetaccess group
internet-loc1
jim
bob
internet-loc2
mary
paul
internet-loc3
peter
internet-loc4
lary
robert
internet-loc5
werner
Now I have to check, whether a user is member of the group internetaccess. The
script above does not recognize, that jim is member of the group internetaccess
(because he is member of a subgroup).
How can I do this?
Werner
