i probe these configs, but arent working.<br>
auth_param basic program /usr/lib/squid/ldap_auth -Z -b "ou=group,dc=mydomain,dc=com" -D cn=admin,dc=hu -w password
auth_param basic children 10
auth_param basic credentialsttl 1 hour
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl SSL_ports port 873
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 631
acl Safe_ports port 873
acl Safe_ports port 901
acl purge method PURGE
acl CONNECT method CONNECT
no_cache deny QUERY
external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -b "ou=group,dc=mydomain,dc=com" -f (&(objectclass=posixGroup) (cn=%a) (member=%v))" -B " "cn=internet,ou=group,dc=mydomain,dc=com" -F uid="%s" -D cn=admin,dc=com -w password
acl passwd proxy_auth REQUIRED
acl passwd_group external ldap_group internet
http_access allow manager localhost
http_access allow password
http_access allow passwd_group
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
httpd_accel_single_host off
coredump_dir /var/spool/squid
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
The ldap:
com
|
mydomain
| |
users groups
| |
user1 internet
Mark Elsen írta:
On 12/5/05, CsY <csy@xxxxxxxxxx> wrote:
Hello
Can i help you?
I need set up the ldap group authentication, this rule do not working.
Any idea?
auth_param basic program /usr/lib/squid/ldap_auth -ZZ -b "ou=peoples,dc=mydomain,dc=com" ldap
external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -ZZ
-b "cn=netgroup,ou=groups,dc=mydomain,dc=com" -f
"(&(objectclass=posixGroup)(cn=%a)(member=%v))" -B
"ou=peoples,dc=mydomain,dc=com" -F uid="%s" -w pass serveraddress:serverport
acl password proxy_auth REQUIRED
acl password_group external ldap_group internet
http_access allow password_group
thanks
- Squid version ?
- OS/platform/version ?
M.
_____________ NOD32 1.1311 (20051202) Információ _____________
Az üzenetet a NOD32 antivirus system megvizsgálta.
http://www.nod32.hu