[squid-users] trying to understand squid_ldap_group

From: Andreas Bittner <[email protected]>
Date: Mon, 14 Nov 2005 16:54:15 +0100

Hello squid users,

im trying to figure out how the squid_ldap_auth and squid_ldap_group
stuff works, and im kinda new to ldap. i like to setup and understand a
very basic setup.

i read through a number of postings on the list, and also some webpages,
for example: <http://workaround.org/moin/SquidLdap>

just a few users in different groups, and wanting to allow certain users
http access:

my problem of understanding is basically, if i have a simple company
(ldap tree) like on that page, with three groups, it-services, sales and
management, how do i create a group that is allowed to surf the google
pages. i somehow cant figure out what the ldap tree is going to look
like then?

also do i need to use both the squid_ldap_auth and squid_ldap_group
(most of the postings i found, indicate so, but i dont understand why,
as both squid_ldap_auth and squid_ldap_group both authenticate
themselves to the ldap server)

i dont quite understand what the author of the page means by
> A group is just a list of dinstiguished names

any hints?

how does the squid_ldap_group program actually check if the user that is
http-authenticating against the squid belongs to this set of
distinguished names? do i need to add the users tim and tina somehow to
the ldap tree in cn=googleallowed,ou=Proxygroups,o=Company? what does
the ldap tree look like as whole for this example from that page?

Thanks for helping to figure it out.
Best regards.
Received on Mon Nov 14 2005 - 08:54:29 MST

This archive was generated by hypermail pre-2.1.9 : Thu Dec 01 2005 - 12:00:09 MST