Re: [squid-users] Authentification against DominoNotes LDAP

From: <[email protected]>
Date: Thu, 3 Apr 2003 15:29:16 +0200

Hello again,

I have now set up my squid.conf like this

=====================================START
.....
external_acl_type inetusers %LOGIN
/usr/local/squid/libexec/squid_ldap_group -b "o=cag" -f "
(&(cn=CAS_NU_Internetuser)(objectClass=groupOfNames)(member=%u))" -F "
(&(uid=%s)(objectClass=Person))" 172.25.0.19
...
acl ldap_password proxy_auth required
acl inet_users external inetusers CAS_NU_Internetuser
...
auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b
"o=cag" -f uid=%s 172.25.0.19
...
http_access allow inet_users
http_access deny all
...
=====================================END

but it does not work. (noone can access, not users in the group, and not
users that are not in the group)
When changing the last line to ALLOW ALL, everyone can access, even if not
in the group.

Without group-checking it worked fine with this
=====================================START
.....
acl ldap_password proxy_auth required
...
auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b
"o=cag" -f uid=%s 172.25.0.19
...
http_access allow ldap_password
http_access allow all
...
=====================================END
(what I don't understand is, that I have to put the last ALLOW ALL, to make
it work. With this only authenticated users can access, others don't. With
DENY ALL noone can access.)

Any suggestions, what is my fault?

Regards
Stefan
Received on Thu Apr 03 2003 - 06:29:33 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:14:38 MST