[squid-users] squid_ldap_group syntax

Hello,

    I am having some problems to build my own syntax with
squid_ldap_group against AD because I have users in different OUs,
like bellow:

    dc=example,dc=com
        |
        ou=department1,dc=example,dc=com
            |
            dn: cn=user 1,ou=department1,dc=example,dc=com
                  objectClass=person
                  samAccountName=user1
                  memberOf=cn=facebook,ou=groups,dc=example,dc=com
                  memberOf=cn=youtube,ou=groups,dc=example,dc=com
                  ....
        |
        ou=department2,dc=example,dc=com
            |
            dn: cn=user 2,ou=department2,dc=example,dc=com
                  objectClass=person
                  samAccountName=user2
                  memberOf=cn=facebook,ou=groups,dc=example,dc=com
                  memberOf=cn=youtube,ou=groups,dc=example,dc=com
                  memberOf=cn=linkedin,ou=groups,dc=example,dc=com
                  ....
      |
        ou=department3,dc=example,dc=com
            |
            dn: cn=user 3,ou=department3,dc=example,dc=com
                  objectClass=person
                  samAccountName=user3
                  memberOf=cn=allowed,ou=groups,dc=example,dc=com
                  memberOf=cn=denied,ou=groups,dc=example,dc=com
                  ....

    This is my squid_ldap_group syntax:

    squid_ldap_group -b "dc=example,dc=com" -D
"cn=proxy,cn=adminusers,dc=example,dc=com" -w 'test' -f
"(&(objectClass=person)(sAMAccountName=%u)(memberOf=cn=%g,ou=groups,dc=example,dc=com))"
-h "192.168.4.3" -K

    And the testes:

    user1 facebook
    ERR

    user2 linkedin
    ERR

    user3 allowed
    ERR

    PS: I am using kerberos authentication and it works fine and I
don´t know why I am having the error above.

Thanks,

Marcio Garcia
Received on Tue Nov 30 2010 - 18:19:39 MST