Re: [squid-users] squid_ldap_group user authorization


Did you test this filter and your credentials with ldapsearch?
This is the first step.

Then test squid_ldap_auth from a terminal. I don't know if squid_ldap_auth has a debug mode like squid_ldap_group.

squid_ldap_auth didn't work at my site, but I built a Perl script that does (basically) the same thing:

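#!/usr/bin/perl
use strict;
use warnings;

$| = 1;    # unbuffered: Squid reads one reply line per request
while (<>) {
        my ($user, $passwd) = split;
        # An empty password would make the simple bind unauthenticated,
        # which a directory may accept, so reject it before binding.
        unless (defined $passwd && length $passwd) { print "ERR\n"; next; }
        # Escape LDAP filter metacharacters in the login name.
        (my $name = $user) =~ s/([\\*()\0])/sprintf("\\%02x", ord($1))/ge;
        # List-form pipe open: no shell is involved, so the login and password
        # cannot inject commands. ldapsearch output is read and discarded.
        my $pid = open(my $ldap, '-|', 'ldapsearch', '-h', 'SERVR_IP', '-b', 'BASE_SEARCH',
                '-D', "AD_domain\\$user", '-w', $passwd, "(sAMAccountName=$name)");
        if ($pid) { 1 while <$ldap>; close($ldap); }
        if ($pid && $? == 0) { print "OK\n"; }
        else { print "ERR\n"; }
}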

This works well in Active Directory.

Replace the filter with the attributes that you want to find.


Cheers


>
> Please tell me your syntax that you use in your conf. file.
> 
> Here is what I have ...
> 
> auth_param basic program /usr/lib/squid/squid_ldap_auth -h 
> ldapsrv1.mitre.org -b "o=mitre.org" -D "ou=people,o=mitre.org" -f 
> "(&(CN=%s)(memberOf=CN=osis_proxyauth_lg))"
> 
> So when I tried to use this proxy, the dialog box pops up. I type 
> in username and password but it fails with error in squid.log ...
> 1111177616.481     12 india.mitre.org TCP_DENIED/407 1742 POST 
> http://shttp.msg.yahoo.com/notify/ jkamdar NONE/- text/html
> 
> It doesn't even try to access my ldapserver, so something is 
> wrong in my config.
> 
> Can you please help me out?
> 
> Thanks,
> Jayesh
> 
> Ytzhak Levy wrote:
> 
> > Thanks !!!
> >
> > All works fine now.
> >
> > The only thing that I had to do was to put AD_domain\\lookup in 
> > the login name param.
> >
> >
> > Cheers
> >
> >
> >
> >
> >
> >> On Sat, 19 Mar 2005, Ytzhak Levy wrote:
> >>
> >>
> >>
> >>> #dn of group: CN=CGI - Rede,OU=Global,OU=Grupos,DC=mydomain,DC=com
> >>> acl REDE_GRP external ldap_group CGI\ -\ Rede
> >>>
> >>>
> >> This does not work.
> >>
> >> Currently the only way to define acl elements with spaces in 
> >> them is to use an acl file.
> >>
> >> acl REDE_GRP external ldap_group "/path/to/group.txt"
> >>
> >> where /path/to/group.txt contains
> >> CGI - Rede
> >>
> >> Regards
> >> Henrik
> >>
> >>
> >
> >
> >
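
The helper logic of the Perl script near the top of this message, as an added Python example that is not part of the original post: it shows how the login and password can reach ldapsearch as separate arguments with the filter value escaped, so neither is interpreted by a shell or by the LDAP filter parser. SERVR_IP, BASE_SEARCH and AD_domain are the post's placeholders; the function names are assumptions of this example.

```python
import subprocess

# Placeholders from the post; replace with real values before use.
SERVER, BASE, DOMAIN = "SERVR_IP", "BASE_SEARCH", "AD_domain"

def escape_filter(value):
    """Escape LDAP filter metacharacters (RFC 4515) as \\XX hex pairs."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def build_argv(user, passwd):
    """Return the ldapsearch argument vector; each value is one argv entry."""
    return ["ldapsearch", "-h", SERVER, "-b", BASE,
            "-D", DOMAIN + "\\" + user, "-w", passwd,
            "(sAMAccountName=%s)" % escape_filter(user)]

def run_ldapsearch(argv):
    """Run without a shell; discard output so it never reaches Squid."""
    try:
        return subprocess.run(argv, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL).returncode
    except OSError:
        return 1  # ldapsearch missing or not executable

def check_line(line, runner=run_ldapsearch):
    """Map one 'user password' helper request to 'OK' or 'ERR'."""
    fields = line.split()
    # A missing or empty password would turn the simple bind into an
    # unauthenticated bind, which a directory may accept, so reject it.
    if len(fields) != 2:
        return "ERR"
    user, passwd = fields
    return "OK" if runner(build_argv(user, passwd)) == 0 else "ERR"

def main(stream):
    for line in stream:
        print(check_line(line), flush=True)  # one reply line per request

if __name__ == "__main__":
    import sys
    main(sys.stdin)
```

The `runner` parameter lets the request handling be exercised on constructed input without a directory server.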
