On Wed, 2008-07-16 at 18:31 -0700, Zack Duchene wrote:
> I am having a very hard time getting the group external_acl to work with
> my active directory.
>
> Here is the command that I am using:
>
> external_acl_type InetGroup %LOGIN /usr/lib/squid/squid_ldap_group -R -b
> "dc=ADVANTAGE,dc=com" -D "cn=admin1,cn=USERS,dc=ADVANTAGE,dc=com" -w
> "**********" -f
> "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=Users,dc=AD
> VANTAGE,dc=com))" -h 192.168.1.13

Are you sure the group is in the Users container?

Usually one uses squid_ldap_group slightly differently, with -F for looking up the user and then -f to see if that user is listed as a member in the group object, but both ways work for dual-indexed directories such as MSAD (where the user object also lists group memberships).

Regards
Henrik
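
Added example, not part of the original message: a squid.conf fragment using the two-step form described above, with -F resolving the login name to the user's DN and -f matching the group object that lists that DN as a member. The group name InetUsers and the acl name InetAccess are hypothetical; the base DN, bind DN, masked password and server address are copied from the quoted command.

```conf
# Added example; not from the original thread.
# Hypothetical names: InetUsers (AD group), InetAccess (acl name).
#
# -F  user search filter: %s is replaced by the login name, and the
#     helper takes the DN of the matching entry.
# -f  group search filter: %a is replaced by the group name from the
#     acl line, and %v by the user DN (a DN because -F is given).
# -b  search base: the group object is searched for below this base,
#     so the filter does not hard-code the container holding the group.
# -R  do not follow referrals.
external_acl_type InetGroup %LOGIN /usr/lib/squid/squid_ldap_group -R -b "dc=ADVANTAGE,dc=com" -D "cn=admin1,cn=USERS,dc=ADVANTAGE,dc=com" -w "**********" -F "(&(objectclass=person)(sAMAccountName=%s))" -f "(&(objectclass=group)(cn=%a)(member=%v))" -h 192.168.1.13

# Authenticated users who are members of InetUsers match this acl.
acl InetAccess external InetGroup InetUsers
http_access allow InetAccess
http_access deny all
```

Because the group search runs from the -b base instead of naming cn=Users inside the filter, this form still matches when the group lives in a different container or OU than the users.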