To: "D & E Radel" <radel@xxxxxxxxxxx>
Cc: "Matthias Dettling" <m-dettling@xxxxxx>; <squid-users@xxxxxxxxxxxxxxx>
Sent: Tuesday, April 19, 2005 8:52 AM
Subject: Re: [squid-users] Configuring authentication with ldap_auth and two domains?
On Mon, 18 Apr 2005, D & E Radel wrote:
Do you know anything about the squid_ldap_group program? I have tried so many things but cannot get an "OK" from it. Do you have any samples that work?
It shares a lot of the configuration syntax with squid_ldap_auth. The pieces needed is
a) User search filter (same as squid_ldap_auth, but other option)
b) A Bind-DN if the directory does not allow anonymous searches
c) A group search filter to lookup if the user is member of the requested group. The user login or DN and the group name can be substituted into the filter string by % codes.
A normal group search filter looks like
-f "(&(objectClass=groupOfNames)(cn=%g)(member=%u))"
looking for a groupOfNames object with the group name as name and the user as member.
Or any idea on how to run from the commandline?
Mostly the same as squid_ldap_auth, except that it expects a list of group names instead of password.
We are trying to allow block access to certain sites to a certain group, but not another group. Am I too ambitious? ;-)
Pretty standard thing for using squid_ldap_group.
Regards Henrik
Thanks Henrik. :-)
