Re: [squid-users] Configuring authentication with ldap_auth and two domains?

From: D & E Radel <[email protected]>
Date: Tue, 19 Apr 2005 08:59:07 +1200

From: "Henrik Nordstrom" <hno@squid-cache.org>
To: "D & E Radel" <radel@inet.net.nz>
Cc: "Matthias Dettling" <m-dettling@gmx.de>; <squid-users@squid-cache.org>
Sent: Tuesday, April 19, 2005 8:52 AM
Subject: Re: [squid-users] Configuring authentication with ldap_auth and two
domains?

> On Mon, 18 Apr 2005, D & E Radel wrote:
>
>> Do you know anything about the squid_ldap_group program? I have tried so
>> many things but cannot get an "OK" from it. Do you have any samples that
>> work?
>
> It shares a lot of the configuration syntax with squid_ldap_auth. The
> pieces needed is
>
> a) User search filter (same as squid_ldap_auth, but other option)
>
> b) A Bind-DN if the directory does not allow anonymous searches
>
> c) A group search filter to lookup if the user is member of the requested
> group. The user login or DN and the group name can be substituted into the
> filter string by % codes.
>
> A normal group search filter looks like
>
> -f "(&(objectClass=groupOfNames)(cn=%g)(member=%u))"
>
> looking for a groupOfNames object with the group name as name and the user
> as member.
>
>> Or any idea on how to run from the commandline?
>
> Mostly the same as squid_ldap_auth, except that it expects a list of group
> names instead of password.
>
>> We are trying to allow block access to certain sites to a certain group,
>> but not another group. Am I too ambitious? ;-)
>
> Pretty standard thing for using squid_ldap_group.
>
> Regards
> Henrik

Thanks Henrik. :-)
Received on Mon Apr 18 2005 - 14:58:23 MDT

This archive was generated by hypermail pre-2.1.9 : Sun May 01 2005 - 12:00:04 MDT