[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap with squid auth helper

To: openldap-technical@openldap.org
Subject: Re: ldap with squid auth helper
From: Buchan Milne <bgmilne@staff.telkomsa.net>
Date: Mon, 7 Jun 2010 16:42:39 +0100
Cc: Gerardo Herzig <gherzig@fmed.uba.ar>
In-reply-to: <4C095C86.9060104@fmed.uba.ar>
References: <4C095C86.9060104@fmed.uba.ar>
User-agent: KMail/1.12.4 (Linux/2.6.31.13-desktop-1mnb; KDE/4.3.5; x86_64; ; )

On Friday, 4 June 2010 21:05:26 Gerardo Herzig wrote:
> Hi all. Im triyng to use squid with the squid_ldap_group auth helper.
> 
> The schema looks like
> o=Company
> 
>      -Groups
> 
>          |-ProxyUsers
>     |
>     |-Managers
>     |-Sales
> 
> Managers and Sales are OrganizationalUnit, ProxyUsers is GroupofUniqueNames
> 
> Each entry of Managers and Sales inherits from PosixAccount and
> InetOrgPerson
> 
> ProxyUsers entry for the user foo is:
> UniqueMember: uid=foo,ou=Managers,o=Company
> UniqueMember: uid=anotherfoo,ou=Sales,o=Company
> 
> Inside the ProxyUsers can be people from Managers, Sales, and so.
> Im faliling to test squid_ldap_group from command line (i think the
> filters part)
> 
> 1) Is there a way to test if the user foo is part of the ProxyUsers group?

Yes, but from a squid perspective, you will be relying on DN construction in 
the filter if you do it this way.

> 2) It is possible to tell squid_ldap_group to look for uid=foo in
> Manager AND Sales, and if there is one try to use it?
> Like if the filter could be "(uid=foo) _AND_ (ou=Managers _OR_ ou=Sales)"?

This sounds more like a question you should pose to the developers of this 
software, but having gone down a path requiring DN construction may not be the 
best option. Or, d you need to cater to identical uid values in different 
containers?

Regards,
Buchan

References:
- ldap with squid auth helper
  - From: Gerardo Herzig <gherzig@fmed.uba.ar>

Prev by Date: Re: smbk5pwd: ldappassword hangs
Next by Date: Re: LDAP C API
Index(es):
- Chronological
- Thread