[squid-users] squid_ldap_group

From: <Werner.Rost@dont-contact.us>
Date: Tue, 7 Mar 2006 13:56:47 +0100

squid_ldap_group works for me for a "flat group" containing usernames:

/usr/local/squid/libexec/squid_ldap_group \
      -h ldapserver \
      -D "cn=ldap-administrator,ou=Service Accounts,ou=_SiteMgmt,ou=XY,ou=DE,dc=emea,dc=zf-world,dc=com" \
      -W /usr/local/pw-admin \
      -b "ou=DE,dc=emea,dc=zf-world,dc=com" \
      -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=Groups,ou=XY,ou=DE,dc=emea,dc=zf-world,dc=com))"

But structure of out company is a little bit more complex: For every location there is a group say internet-loc<xy> containing all users of this location with right for internetaccess. There is a group INTERNETUSERS containing all subgroups internet_loc<xy>, for example:

   internetaccess group
      internet-loc1
           jim
           bob
      internet-loc2
           mary
           paul
      internet-loc3
           peter
      internet-loc4
           lary
           robert
      internet-loc5
           werner

Now I have to check, whether a user is member of the group internetaccess. The script above does not recognize, that jim is member of the group internetaccess (because he is member of a subgroup).

How can I do this?

Werner
Received on Tue Mar 07 2006 - 05:57:38 MST

This archive was generated by hypermail pre-2.1.9 : Sat Apr 01 2006 - 12:00:03 MST