[squid-users] Problem with squid_ldap_auth

From: Martijn Moret <martijn@dont-contact.us>
Date: Mon, 12 Jul 2004 13:08:13 +0200 (CEST)

Hi,

I have a problem with squid_ldap_auth.
I use it to authorize against M$-AD, no problems so far.
I all works with the following:
auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b
"OU=Gebruikers,DC=domain,DC=org" -s sub -D
"cn=administrator,ou=beheer,dc=domain,dc=org" -w "password" -h server -p
389 -v 3 -f sAMAccountName=%s

Now I also want to check if the user is a member of a AD group, so I did
the following:
auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b
"OU=Gebruikers,DC=domain,DC=org" -s sub -D
"cn=administrator,ou=beheer,dc=domain,dc=org" -w "password" -h server -f
"(&(sAMAccountName=%s)(memberOf=CN=Internet-Users,OU=Gebruikers
Groepen,OU=Gebruikers,DC=domain,DC=org))"

This works great from the command line: a user who is a member get's OK
and if you are not a member it shows ERR. This is what I want.
I just can't get it to work from within squid. In the cache.log the
following line appears when authenticating:
squid_ldap_auth: WARNING, LDAP search error 'Bad search filter'

I'm using squid/2.5.STABLE4 on solaris 9.

Any help??

Regards
Martijn
Received on Mon Jul 12 2004 - 05:08:15 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Aug 01 2004 - 12:00:01 MDT