squid_ldap_group works for me for a "flat group" containing usernames:
/usr/local/squid/libexec/squid_ldap_group \
-h ldapserver \
-D "cn=ldap-administrator,ou=Service Accounts,ou=_SiteMgmt,ou=XY,ou=DE,dc=emea,dc=zf-world,dc=com" \
-W /usr/local/pw-admin \
-b "ou=DE,dc=emea,dc=zf-world,dc=com" \
-f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=Groups,ou=XY,ou=DE,dc=emea,dc=zf-world,dc=com))"
But structure of out company is a little bit more complex: For every location there is a group say internet-loc<xy> containing all users of this location with right for internetaccess. There is a group INTERNETUSERS containing all subgroups internet_loc<xy>, for example:
internetaccess group
internet-loc1
jim
bob
internet-loc2
mary
paul
internet-loc3
peter
internet-loc4
lary
robert
internet-loc5
werner
Now I have to check, whether a user is member of the group internetaccess. The script above does not recognize, that jim is member of the group internetaccess (because he is member of a subgroup).
How can I do this?
Werner
Received on Tue Mar 07 2006 - 05:57:38 MST
This archive was generated by hypermail pre-2.1.9 : Sat Apr 01 2006 - 12:00:03 MST