[squid-users] ntlm_auth + ldap_group

From: Oswaldo Gomes <[email protected]>
Date: Thu, 4 Sep 2003 16:50:37 -0300

Hi,

is it possible to use ntlm_auth just to authenticate users, and ldap_group
to control access by group membership?

I�m trying this configuration:

#ntlm_auth configuration
auth_param ntlm program /usr/local/squid/libexec/ntlm_auth
extranet/servername

# ldap_group configuration
external_acl_type ldap_group %LOGIN
/usr/local/squid/libexec/squid_ldap_group -h servername -b
"dc=extranet,dc=lab" -f "(&(cn=%g)(member=%u))" -F "sAMAccountName=%s" -D
"cn=ldapread,cn=Users,dc=extranet,dc=lab" -w "password" -d 1

# access control
acl test proxy_auth REQUIRED
acl testldap external ldap_group Administrators
http_access allow testldap
http_access deny all

But I receive the following error in cache.log:

user filter sAMAccountName=extranet\5cadministrator
squid_ldap_group WARNING, User 'sAMAccountName=extranet\5cadministrator' not
found

It looks like ntlm_auth passes "extranet\administrator" to ldap_group, but
it is changed to "extranet\5cadministrator".
Where did this "5c" come from?

Thanks,

 Oswaldo
Received on Thu Sep 04 2003 - 13:51:01 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:32 MST