Re: [squid-users] Group LDAP auth problem

From: Henrik Nordstrom <[email protected]>
Date: Wed, 2 Jan 2002 18:43:31 +0100

In ACL concepts you are doing the correct thing, but it seems the Group LDAP
auth patch does not like such usage. You are not the first reporting this.
Try contacting the author of Group LDAP Auth.

You could also make use of our external_auth patch for doing this. Known to
work fine for solving this problem but there is no helpers published yet
(http://devel.squid-cache.org/external_auth/).

Regards
Henrik Nordstr�m
Squid Developer

On Wednesday 02 January 2002 16.56, Gregor Ibic wrote:
> I modified a LDAP authentication program to authenticate groups with MS
> Active Domain.
> It works ok with one group, but I dont know how to setup rules for two
> different groups.
>
> I want to have two groups of users, GroupA and GroupB with different
> permissions.
> Both grups are in LDAP directory.
>
> The problem is that if the user is in GroupB (and not in GroupA) the
> authentication
> program tells to squid that the users is not valid. But I want squid to
> check also the next line with GroupB
>
> my acl's:
> ***************************************
> acl ieA ldap_auth static InternetA
> acl ieB ldap_auth static InternetB
>
> http_access allow ieA
> http_access allow ieB
> http_access deny all
>
> if user is on group InternetB it is not allowed to use proxy, cause
> authentication algorithm
> never gets to that line, user is not in group InternetA so authentication
> program returns FALSE.
>
> Regards,
> Gregor
>
> Intelicom d.o.o.
> Security software company
> http://www.intelicom.si
> email: info@intelicom.si
> tel.: ++386 5 6309 158
> fax.: ++386 5 6279 355

-- 
MARA Systems AB, Giving you basic free Squid support
Customized solutions, packaged solutions and priority support
available on request
Received on Wed Jan 02 2002 - 11:22:47 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:36 MST