Dear Henrik,

Request your help to resolve this problem...

Thanks & Regards
R V Somani

---------- Forwarded Message -----------
From: Henrik Nordstrom <hno@xxxxxxxxxxxxxxx>
To: "R. V. Somani" <somani@xxxxxxxxxxxxxx>
Sent: Sat, 28 May 2005 17:43:51 +0200 (CEST)
Subject: Re: squid_ldap_group with SSL port on 9000 & 8443

Please use the squid-users mailing list for Squid configuration and usage questions.

Regards
Henrik

On Sat, 28 May 2005, R. V. Somani wrote:

> Hi all,
>
> We have configured Squid 2.5 STABLE 10 on Redhat ES3.0, tested basic
> configuration and working fine.
>
> We are unable to access SSL ports no 9000 & 8443 when we enable
> squid_ldap_group authentication, we are accessing oracle apps through ports
> 9000 & 8443. Without any authentication it is working fine.
>
> Following are the relevant squid.conf entries...
>
> 1.
>
> auth_param basic program /usr/lib/squid/squid_ldap_auth -b "o=CMC
> Ahmedabad,c=IN" -D "cn=root,o=CMC Ahmedabad,c=IN" -w ldapserver -f uid=%s -P
> -R -h 172.31.79.2 -p 389
>
> 2.
> external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group - b "o=CMC
> Ahmedabad,c=IN" -D "cn=root,o=CMC Ahmedabad,c=IN" -F(uid=%s)
> -f(&(uid=%u)(cn=%g)) -w redhat -h 172.31.79.2 -p 389
>
> 3.
>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 563 8443 9000
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> 4.
> external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group - b "o=CMC
> Ahmedabad,c=IN" -D "cn=root,o=CMC Ahmedabad,c=IN" -F(uid=%s)
> -f(&(uid=%u)(cn=%g)) -w ldapserver -h 172.31.79.2 -p 389
>
> 5.
> acl ahmusrs external ldap_group REQUIRED
>
> 6.
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow ahmusrs
>
>
> Request your help to resolve problem.
>
> Thanks & Regards
>
> R V Somani
> ______________________________________________________________________
> E-mail: somani@xxxxxxxxxxxxxx (M): 9825909492
>
------- End of Forwarded Message -------

R V Somani
______________________________________________________________________
CMC Limited, 6th Floor Premier House-I, Plot No. 406/2, Bodakdev,Ahmedabad.
Ph.: 079-26855480,82,83 FAX : 079-26855175
E-mail: somani@xxxxxxxxxxxxxx (M): 9825909492