Re: squid ldap group authentication

[CsY <csy@xxxxxxxxxx>]

i probe these configs, but arent working.<br>
auth_param basic program /usr/lib/squid/ldap_auth -Z -b "ou=group,dc=mydomain,dc=com" -D cn=admin,dc=hu -w password
auth_param basic children 10
auth_param basic credentialsttl 1 hour
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern .		0	20%	4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl SSL_ports port 873 
acl Safe_ports port 80 
acl Safe_ports port 21 
acl Safe_ports port 443 563
acl Safe_ports port 70 
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 631
acl Safe_ports port 873
acl Safe_ports port 901
acl purge method PURGE
acl CONNECT method CONNECT
no_cache deny QUERY
external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -b "ou=group,dc=mydomain,dc=com" -f (&amp;(objectclass=posixGroup) (cn=%a) (member=%v))" -B " "cn=internet,ou=group,dc=mydomain,dc=com" -F uid="%s" -D cn=admin,dc=com -w password
acl passwd proxy_auth REQUIRED
acl passwd_group external ldap_group internet
http_access allow manager localhost
http_access allow password
http_access allow passwd_group
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
httpd_accel_single_host off
coredump_dir /var/spool/squid
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

The ldap:

com
|
mydomain
|	|
users   groups
|	  |
user1	internet



Mark Elsen írta:
> On 12/5/05, CsY <csy@xxxxxxxxxx> wrote:
>   
> > Hello
> >
> > Can i help you?
> > I need set up the ldap group authentication, this rule do not working.
> > Any idea?
> >
> > auth_param basic program /usr/lib/squid/ldap_auth -ZZ -b "ou=peoples,dc=mydomain,dc=com" ldap
> >
> > external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -ZZ
> > -b "cn=netgroup,ou=groups,dc=mydomain,dc=com" -f
> > "(&(objectclass=posixGroup)(cn=%a)(member=%v))" -B
> > "ou=peoples,dc=mydomain,dc=com" -F uid="%s" -w pass serveraddress:serverport
> >
> > acl password proxy_auth REQUIRED
> > acl password_group external ldap_group internet
> >
> >
> > http_access allow password_group
> >
> > thanks
> >
> >
> >
> >     
>
>
>  - Squid version ?
>  - OS/platform/version ?
>
>  M.
>
>  _____________ NOD32 1.1311 (20051202) Információ _____________
>
> Az üzenetet a NOD32 antivirus system megvizsgálta.
> http://www.nod32.hu
>
>
>
>