Squid squid_ldap_group - group in group - recursive queries
2011-03-16
A big thank you to Pit for mentioning the new LDAP query matching rule, which started with Windows Server 2003, that also matches groups in groups while validating users, aka recursive queries. Here is my magic stanza (watch out for the line break in the example):
/usr/lib/squid/squid_ldap_group -R -b "DC=test,DC=de" -D "CN=Proxybenutzer,CN=Users,DC=test,DC=de" -f "(&(objectclass=person)(sAMAccountName=%v)(memberOf:1.2.840.113556.1.4.1941:=cn=%a,OU=GROUPS,OU=MUC,OU=RO,DC=test,DC=de))" -h 192.168.10.10 -W /etc/squid/krb5.password -K
In Squid, this stanza replaces %v with the group we want to check against and %a with the currently authenticated user. RTFM for the other switches.
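
To check the filter outside Squid, it helps to see it with one user and one group filled in and with LDAP metacharacters escaped. The following Python sketch is an added example, not code from the original post or from Squid; the function names and the sample user and group values are assumptions, and the group container is copied from the stanza above.

```python
# Added example: builds the search filter from the stanza for one user/group pair.
# 1.2.840.113556.1.4.1941 is Active Directory's LDAP_MATCHING_RULE_IN_CHAIN, which
# makes memberOf match through nested groups.
IN_CHAIN = "1.2.840.113556.1.4.1941"
GROUP_BASE = "OU=GROUPS,OU=MUC,OU=RO,DC=test,DC=de"  # group container from the stanza


def escape_filter_value(value: str) -> str:
    """RFC 4515: hex-escape characters that are special in a filter assertion value."""
    out = []
    for ch in value:
        if ch in "\\*()" or ch == "\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def escape_rdn_value(value: str) -> str:
    """RFC 4514: backslash-escape characters that are special inside an RDN value."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;' or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def group_filter(user: str, group_cn: str) -> str:
    """Return the filter with the account name and group CN filled in.

    The group CN is escaped twice on purpose: first as part of a DN, then the
    whole DN as a filter value, so a backslash from DN escaping becomes \\5c.
    """
    group_dn = "cn=%s,%s" % (escape_rdn_value(group_cn), GROUP_BASE)
    return "(&(objectclass=person)(sAMAccountName=%s)(memberOf:%s:=%s))" % (
        escape_filter_value(user), IN_CHAIN, escape_filter_value(group_dn))


if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    print(group_filter("jdoe", "Internet"))
    print(group_filter("j*doe(test)", "Web, Users"))
```

The printed filter can be pasted into an ldapsearch call that uses the same base DN and bind DN as the stanza, to confirm that a nested membership actually matches before wiring it into Squid.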