Re: [squid-users] squid_ldap_group

From: Christoph Haas <[email protected]>
Date: Thu, 27 Feb 2003 13:13:16 +0100

> I am still having trouble getting squid to authenticate based on ldap group
> membership and user password. Here is what I have:
> [...]

Looks okay. Can you do the external_acl_type call manually and enter
"username group<enter>" and get an "OK" when you expect it?

> acl localusers proxy_auth REQUIRED
> acl proxy_users external ldap_group proxygrp
> http_access deny !proxy_users
> http_access allow localusers
>
> In this configuration entering a username which is in the proxygrp in LDAP
> gets access even if the password is wrong, if I swap the http_access rules
> around then a username given with the right password will get access even
> if they are not a member of the proxygrp, removing the deny ! proxy_users
> line also results in the proxygrp not being checked.
>
> How do I get the equivalent of "http_access allow if localusers *and*
> proxy_users"?

We just had this question on another thread. If you want to 'and' two
ACLs you write them in one line like in
"http_access allow localusers proxy_users".

 Christoph

-- 
~
~
".signature" [Modified] 3 lines --100%--                3,41         All
Received on Thu Feb 27 2003 - 05:13:20 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:44 MST