Henrik, Here is what we did and it worked. I hope that it will help you. In AD I created an OU internetusers and specified it where I needed to. Under auth_param auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=dunns,dc=co,dc=za" -D "cn=ldapreader,cn=users,dc=dunns,dc=co,dc=za" -w "ldappassword" -f sAMAccountName=%s -h (IP of DC) Under External ACL external_acl_type internetusergroup %LOGIN /usr/lib/squid/squid_ldap_group -R -b "dc=dunns,dc=co,dc=za" -D "cn=ldapreader,cn=users,dc=dunns,dc=co,dc=za" -w "ldappassword" -f "(&(objectclass=person)(sAMAccountName=%u)(memberof=cn=internetusers,OU=Dunns Groups,OU=Dunns,dc=dunns,dc=co,dc=za))" -h (IP of DC) Under acl acl ldappassword proxy_auth REQUIRED acl internetgroup external internetusergroup internetusers Janco v.d Merwe Network Administrator Dunns Stores (PTY) Ltd Switchboard: 011 541 3000 Direct: 011 541 3007 Fax: 086 632 1708 -----Original Message----- From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx] Sent: 01 August, 2006 08:30 To: sOngUs Cc: squid-users@xxxxxxxxxxxxxxx Subject: Re: squid_ldap_auth to authtenticate on Active Directory 2000 mån 2006-07-31 klockan 11:18 -0600 skrev sOngUs: > squid_ldap_auth -R -b cn=users,dc=mydomain,dc=com -D > "cn=administrator,cn=Users,dc=mydomain,dc=com" -w mypassword -f > sAMAccountName=%s -h 192.168.0.1 (which is the IP address of the AD > server.) > > But then id does nothing and if i press ENTER i get "ERR"... You have to give something to work on, i.e. a username and password username<space>password<enter> > Now.. the question is... which dependencies does this module have? > cause i compiled squid with the right option (i think.. otherwise > squid_ldap_auth wont be there...) none.. > And installed Openldap so ill have libldap... do i need to install > anything else? nope. > I turned on a sniffer on the box, but there is no trace of any ldap conn... > so im guessing im missing something... the LDAP connection is opened when there is a query to resolve. Regards Henrik ____________________________________________________________________________ This communication and any attachments are confidential and intended for the sole use of the intended recipient. Any form of copying or disclosure of this communication to any third parties without permission is prohibited. The contents of this communication and its attachments are not intended to be relied upon in law without subsequent written confirmation. As such, Dunns Stores (Pty) Ltd accept no responsibility or liability (including negligence) for the consequences of anyone acting, or not acting, on information contained therein. If you have received this communication in error please notify us immediately and destroy or delete it. ____________________________________________________________________________
