Re: [squid-users] squid_ldap_group user authorization

From: Ytzhak Levy <[email protected]>
Date: Fri, 18 Mar 2005 22:01:03 +0800

Henrik,

Im so sorry!

I forgot to put the address of mailinglist in the CC field.

can squid_ldap_group works with other authenticator process than squid_auth_ldap ?

> Please keep discussion on the mailinglist.
>
> Both helpers come with manuals including examples for several
> different LDAP directory styles.
>
> Regards
> Henrik
>
> On Fri, 18 Mar 2005, Ytzhak Levy wrote:
>
> > thanks Henrik,
> >
> > i'd make various tests, but squid_auth_ldap dont works yet...
> >
> > does squid_auth_ldap and squid_ldap_group work together ? how ?
> >
> > I read the squid FAQ about the authenticators and i understand well.
> >
> > squid_auth_ldap athorizes a user by login password.
> >
> > But how squid_ldap_group knows that it have to check if this user
> > (currently being authenticated) belongs to a certain group (one
> > of listed in acls) ? Inside squid, how it works ?
> >
> > is there a white paper or some kind of document that describe this process ?
> >
> > I want to make my own authenticator process, however I need to
> > know how it will communicate with squid_ldap_group, which is
> > working fine.
> >
> > Im using squid 2.5 stable9 in a freebsd 5.3 and trying to
> > athenticate against AD.
> >
> >
> > thanks
> >
> >
> >
> >> On Thu, 17 Mar 2005, Ytzhak Levy wrote:
> >>
> >>> How can I authorize specific users using squid_ldap_group ?
> >>>
> >>> I'd make tests and notice that in prompt, squid_ldap_auth asks
> >>> for a login and a GROUP, not a login name and a PASSWORD.
> >>>
> >>> What helper should I use to authorize users by the pair login
> >>> password and verify if a certain user belongs to a certain group ?
> >>
> >> You use squid_ldap_auth for the authentication (login + password),
> >> then squid_ldap_group for authorization (login + group).
> >>
> >> The two is called from different directives in squid.conf.
> >> squid_ldap_auth is called from auth_param, while squid_ldap_group
> >> is called from the external_acl directive. Se the manual of each
> >> tool for details.
> >>
> >> Regards
> >> Henrik
> >
> > -- _______________________________________________
> > Get your free email from http://mymail.bsdmail.com
> >
> > Powered by Outblaze
> >

-- 
_______________________________________________
Get your free email from http://mymail.bsdmail.com
Powered by Outblaze
Received on Fri Mar 18 2005 - 07:01:05 MST

This archive was generated by hypermail pre-2.1.9 : Fri Apr 01 2005 - 12:00:02 MST