On the 2000 domain controller I have standard users in the Users container. The authorised internet users will also be members of a group called Internet. So far I've been using ldapsearch to verify what sort of information will be coming out of the LDAP, but I find it hard to make this correspond to the parameters I'm putting into squid_ldap_group.
For example, here's an ldapsearch line that will give me the Internet group back with a list of members:
ldapsearch -x -b cn=Internet,cn=Users,dc=domain,dc=local -D cn=Administrator,cn=Users,dc=domain,dc=local -W -h 192.168.150.100
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=Internet,cn=Users,dc=domain,dc=local> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#
# Internet, Users, domain.local
dn: CN=Internet,CN=Users,DC=domain,DC=local
member: CN=Cameron,CN=Users,DC=domain,DC=local
member: CN=Oliver,CN=Users,DC=domain,DC=local
cn: Internet
groupType: -2147483646
instanceType: 4
distinguishedName: CN=Internet,CN=Users,DC=domain,DC=local
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=domain,DC=local
objectClass: top
objectClass: group
objectGUID:: I6No/vayb0iE8uD6mxvtzg==
objectSid:: AQUAAAAAAAUVAAAAPeMITdvrDFCoN9ZlVAYAAA==
name: Internet
sAMAccountName: Internet
sAMAccountType: 268435456
uSNChanged: 746952
uSNCreated: 742415
whenChanged: 20041128224030.0Z
whenCreated: 20041126041439.0Z

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
How do I turn this into a useful line for squid_ldap_group? I've tried the following with no success:
/usr/lib/squid/squid_ldap_group -b cn=Users,dc=domain,dc=local -f "(&(name=%g)(member=%u)(objectClass=group))" -D cn=Administrator,cn=Users,dc=domain,dc=local 192.168.150.100
Oliver Internet
ERR
CN=Oliver,CN=Users,DC=domain,DC=local Internet
ERR
Also the fact that 2000 doesn't allow you to view what is going on with the LDAP queries makes it even harder. Any help will be greatly appreciated.
Regards, Oliver
--
Oliver Hookins B.Sc(Computing and Information Systems)
Exhibition IT Services Pty Ltd
e: [EMAIL PROTECTED] p: +61 2 9882 1300 f: +61 2 9882 3377
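Added example (not part of the original message, and not Squid's own code): a local check of the filter from the message against the group entry that ldapsearch returned, showing which form of %u can match the member attribute. It assumes %u and %g are replaced by the user and group name as the filter in the message implies, models only an AND of equality terms, and compares values case-insensitively as a simplification; all function names are hypothetical.

```python
import re

# Constructed from the group entry in the ldapsearch output above (trimmed).
LDIF = """\
dn: CN=Internet,CN=Users,DC=domain,DC=local
member: CN=Cameron,CN=Users,DC=domain,DC=local
member: CN=Oliver,CN=Users,DC=domain,DC=local
cn: Internet
objectClass: top
objectClass: group
name: Internet
"""
FILTER = "(&(name=%g)(member=%u)(objectClass=group))"  # filter from the message

def parse_entry(ldif):
    """Parse one unfolded LDIF entry into {lowercased attribute: [values]}."""
    entry = {}
    for line in ldif.splitlines():
        attr, _, value = line.partition(": ")
        entry.setdefault(attr.lower(), []).append(value)
    return entry

def escape(value):
    """Escape the RFC 4515 special characters so input cannot alter the filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def unescape(value):
    """Turn \\XX hex escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def expand(template, user, group):
    """Replace %u and %g in one pass (assumed substitution, hypothetical helper)."""
    subst = {"u": user, "g": group}
    return re.sub(r"%([ug])", lambda m: escape(subst[m.group(1)]), template)

def matches(entry, flt):
    """Evaluate an AND of equality terms; case-insensitive compare (simplified)."""
    terms = re.findall(r"\(([^=()&]+)=([^()]*)\)", flt)
    return bool(terms) and all(
        unescape(want).lower() in [v.lower() for v in entry.get(attr.lower(), [])]
        for attr, want in terms)

if __name__ == "__main__":
    group_entry = parse_entry(LDIF)
    for user in ("Oliver", "CN=Oliver,CN=Users,DC=domain,DC=local"):
        flt = expand(FILTER, user, "Internet")
        print(flt, "->", "match" if matches(group_entry, flt) else "no match")
```

A local match only says the expanded filter agrees with the data in the entry; it says nothing about the bind or the search the helper performs against the server.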
