[squid-users] Ldap Authentication and Groups

From: Pedro Alte <[email protected]>
Date: Wed, 23 Apr 2003 09:08:15 +0100

Hi.

I'm having some problems with authentication. Squid is already
authenticating users under the Oganizational Unit defined on the
'auth_param' parameter, but it just doesn't care about group membership.
I'd like to allow only the members of a certain group to use the proxy
server, and I hope someone can help me out.

Here's my config:
auth_param basic program /usr/lib/squid/squid_ldap_auth -b
"OU=container,OU=Users,OU=abcd,OU=organization,DC=domain,DC=com" -u cn
-h 172.20.1.12
external_acl_type squid_ldap_match %LOGIN
/usr/local/squid/libexec/squid_ldap_match -b "ou=aeiou,ou=security
groups,ou=abcd,ou=organization,dc=domain,dc=com" -f
"(&(cn=%u)(memberOf=%g))" -h 172.20.1.12 -p 389 authenticate_ttl 25
second acl thegroup proxy_auth REQUIRED acl groupldap external
squid_ldap_match CN=squidgroup,OU=aeiou,OU=Security
Groups,OU=abcd,OU=organization,DC=domain,DC=com
http_access allow thegroup groupldap

I used to use another ldap authenticator which had a logging parameter,
so I could see ldap errors. Does anyone know if there's a way to
activate ldap logging with squid_ldap_match and/or squid_ldap_auth ?

Thanks,

Pedro.
Received on Wed Apr 23 2003 - 02:19:35 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:15:13 MST