Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Squid Proxy and LDAP Authentication

    Cache/Proxy
    2
    2
    1135
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      shfw last edited by

      We are trying to setup the LDAP filter  within Squid and so far managed to get this running with 1 secuirty group from our Microsoft Windows 2008r2 server.  But what we are wanting to do is able to have multiple groups, so for example staff and management.  But am having difficulty in getting the LDAP filter correct, I can get it working with one group but not multple.  The line I am using is below

      (&(memberOf=cn=managemet,ou=staff,dc=domain,dc=co,dc=uk)(sAMAccountName=%s))

      But how will I add the second security group to this line?

      Thank you in advance.

      1 Reply Last reply Reply Quote 0
      • C
        chris4916 last edited by

        From a pure technical standpoint, you could do this:
        (&((|(memberOf=cn=group_A,ou=staff,dc=domain,dc=co,dc=uk)(memberOf=cn=group_B,ou=staff,dc=domain,dc=co,dc=uk))(sAMAccountName=%s))

        or use one single group in Squid that is matching one group in AD containing multiple AD groups. Does this work?

        I'm also not using pfSense Squid package  ;) therefore I don't know the interface neither features that are exposed but Squid allows to create multiple rules. The first one matching will apply. Therefore you're not obliged to merge everything into one single LDAP search isn't? (unless pfSense implement brings some restrictions here  :-[)

        Jah Olela Wembo: Les mots se muent en maux quand ils indisposent, agressent ou blessent.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post