Hi all, I have a question about configuring ldap_group external acl. I want to grant access to Squid based on user groups in Active Directory. ** The problem is when users authenticate, user will gain incorrect credential which not based on their group in LDAP. Users will be received credential from the first line of access control list which is "Admin" as explain below. Detailed Explaination: ================ My Active Directory schema is structured as follows ou=Accounts,dc=abc,dc=com Under ou=Account, there are 3 user groups as follows: 1. ou=Admin,ou=Accounts,dc=abc,dc=com 2. ou=Accounting,ou=Accounts,dc=abc,dc=com 3. ou=Marketing,ou=Accounts,dc=abc,dc=com I want to distinguish the users based on their OU which are Admin,Account and Marketing. To accomphish this, I set up squid_ldap_auth and squid_ldap_group to authenticate and authorize the users from Active Directory. (1) I use squid_ldap_auth helper to authenticate the users and it works fine. Following line is setting for squid_ldap_auth helper. auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=abc,dc=com" -D "cn=squid,ou=Admin,ou=Accounts,dc=abc,dc=com" -w password -f "(&(userPrincipalName=%s)(objectClass=person))" 10.0.0.5 (2) However, when users are authenticated successfully, they will be got a wrong credential. Squid will recognize all users as Admin group which is the first line of acl. Following lines are my setting for ldap_group external acl. external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -b "ou=Accounts,dc=abc,dc=com" -D "cn=squid,ou=Admin,ou=Accounts,dc=abc,dc=com" -w password -f "(&(ou=%g)(objectClass=organizationalUnit))" 10.0.0.5 acl Admin external ldap_group Admin acl Accounting external ldap_group Accounting acl Marketing external ldap_group Marketing I think ldap_group setting is incorrect but cannot figure it out. Please give me a clue because I cannot find which one is incorrect. Best Regards, Bunpot T.
