Re: [squid-users] Group LDAP auth problem

From: Henrik Nordstrom <[email protected]>
Date: Thu, 3 Jan 2002 15:42:23 +0100

Sorry, I meant external_acl

http://devel.squid-cache.org/external_acl/

Regards
Henrik

On Wednesday 02 January 2002 19.52, Gregor Ibic wrote:
> the link is not working, can you check it?
> Can I ask you some questions over ICQ?
>
> Regards,
> Gregor
>
> Intelicom d.o.o.
> Security software company
> http://www.intelicom.si
> email: info@intelicom.si
> tel.: ++386 5 6309 158
> fax.: ++386 5 6279 355
>
> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@marasystems.com]
> Sent: Wednesday, January 02, 2002 6:44 PM
> To: Gregor Ibic; squid-users@squid-cache.org
> Subject: Re: [squid-users] Group LDAP auth problem
>
>
> In ACL concepts you are doing the correct thing, but it seems the Group
> LDAP auth patch does not like such usage. You are not the first reporting
> this. Try contacting the author of Group LDAP Auth.
>
> You could also make use of our external_auth patch for doing this. Known to
> work fine for solving this problem but there is no helpers published yet
> (http://devel.squid-cache.org/external_auth/).
>
> Regards
> Henrik Nordstr�m
> Squid Developer
>
> On Wednesday 02 January 2002 16.56, Gregor Ibic wrote:
> > I modified a LDAP authentication program to authenticate groups with MS
> > Active Domain.
> > It works ok with one group, but I dont know how to setup rules for two
> > different groups.
> >
> > I want to have two groups of users, GroupA and GroupB with different
> > permissions.
> > Both grups are in LDAP directory.
> >
> > The problem is that if the user is in GroupB (and not in GroupA) the
> > authentication
> > program tells to squid that the users is not valid. But I want squid to
> > check also the next line with GroupB
> >
> > my acl's:
> > ***************************************
> > acl ieA ldap_auth static InternetA
> > acl ieB ldap_auth static InternetB
> >
> > http_access allow ieA
> > http_access allow ieB
> > http_access deny all
> >
> > if user is on group InternetB it is not allowed to use proxy, cause
> > authentication algorithm
> > never gets to that line, user is not in group InternetA so authentication
> > program returns FALSE.
> >
> > Regards,
> > Gregor
> >
> > Intelicom d.o.o.
> > Security software company
> > http://www.intelicom.si
> > email: info@intelicom.si
> > tel.: ++386 5 6309 158
> > fax.: ++386 5 6279 355
Received on Thu Jan 03 2002 - 07:42:46 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:37 MST