On Dec 4, 2006, at 9:04 PM, Henrik Nordstrom wrote:
There is a man page for squid_ldap_auth trying to explain most uses.. man -M /usr/local/squid/man squid_ldap_auth
Thanks. I'll re-install during some network down time and make sure that this stuff is installed this time. Apparently, I did not choose the LDAP optional support in the FreeBSD port when I installed it a while ago.
BTW, sorry for the delayed reply. Real life got in the way and all that...
* Which user attribute carries the information you want to use as login?
Not sure. How do I find out? (Sorry, but I use LDAP for MacOS X authentication from MacOS X workstations to a MacOS X server.)
* Based DN of your LDAP tree
IIRC, its dc=dir,dc=domain,dc=tld with obvious substitutions.
* If anonymous searches is allowed.
Yes. I already set up SquirrelMail's address book to search the directory and this did not require any username/password pair.
Please ignore pam_auth. It's just a last resort thing when there is no other helpers available. You should only go down that path if you want to use the LDAP for system authentication as well.
Ah! Thanks for the info. That is a pretty major point all by itself. Since the proxy is supposed to be an admin-only area, PAM was definitely the wrong way to go.
Jaime
