OK. authenticator is working fine. but squid_ldap_group is not blocking according acl's. my squid.conf: external_acl_type ldap_group %LOGIN /squid/libexec/squid_ldap_group -h LDAP_SERVER_IP -b "OU=Grupos,DC=mydomain,DC=com" -f "(&(sAMAccountname=%g) (objectClass=group))" -B "CN=Users,DC=mydomain,DC=com" -F "(&(sAMAccountname=%s) (objectClass=person))" -D "AD_domain\lookup" -w lookup #dn of group: CN=CGI - Rede,OU=Global,OU=Grupos,DC=mydomain,DC=com acl REDE_GRP external ldap_group CGI\ -\ Rede # to test group authentication acl BLOCK_DOMAIN dstdomain .microsoft.com # block domain .microsoft.com to REDE_GRP group http_access deny BLOCK_DOMAIN REDE_GRP but users of group REDE_GRP still access BLOCK_DOMAIN. when I use external_acl tag from terminal and input LOGIN_NAME GROUP_NAME, squid_ldap_group returns OK. thanks > On Fri, 18 Mar 2005, Ytzhak Levy wrote: > > > Can I use squid_ldap_group with other user authenticator than > > squid_auth_ldap ? > > Yes. > > All squid_ldap_group answers is if the given condition is true in > your directory, commonly based on the login name but not even this > is a requirement. > > Regards > Henrik -- _______________________________________________ Get your free email from http://mymail.bsdmail.com Powered by Outblaze
