hcl-bot
1
Only user in one spezial group should be allowed to connect to the internet.
How can a squid-proxy ask Domiono-ldap to get this information?
We try this one:
FIRST:
ldapsearch -h {server} “(&(member=cn={user})(objectclass=dominogroup)(cn={group}))” cn
Answer = record of the group
SECOND
ldapsearch -h {server} “(&(objectclass=dominoperson)(cn={user}))”
Answer = record of the person
How can we combinated this questions, so that we got the person-record if the user is member of the group ???
Thanks for all your help.
hcl-bot
2
Subject: Squid-proxy ask Domino LDAP (user + group-member)
Helmut,
you may want to have a look at the “group-ldap-auth” authenticator. A patch for squid 2.4 is available:
http://group-ldap-auth.sourceforge.net
You should upgrade to 2.5.STABLE2 or later though, since LDAP group authentication is included in Squid 2.5.
http://workaround.org/squid/wiki/LdapAuthentication
HTH,
Uli
hcl-bot
3
Subject: Squid-proxy ask Domino LDAP (user + group-member)
Can’t do this as is with Domino and LDAP. LDAP does not support joins which is what you would need to do.
What you could do is have an agent add the group information to the person document, then you could do it within one query.