mån 2007-01-22 klockan 23:09 +0100 skrev kRiZiO LoRd: > auth_param basic program /usr/lib/squid/ldap_auth -R -b > "dc=raah,dc=local" -D "cn=Administrador,cn=squid > _users,ou=Users,dc=raah,dc=local" -w "admin" -f sAMAccountName=%s -h > 192.168.0.90 Looks reasonable, but the Administrator DN doesn't look the way I am used to.. If you are not sure about the LDAP DN of the search user then MS AD also accepts binding to the username directly user@ad-domain > external_acl_type InetGroup %LOGIN /usr/lib/squid/squid_ldap_group -R > -b "dc=raah,dc=local" -D "cn=Administrador,ou=Users,dc > =raah,dc=local" -w "admin" -f > "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=Users,dc=raah,dc=local))" > -h 192.168.0.90 Usually one uses squid_ldap_group in a different manner, looking for groups having the user as member rather than groups being mentioned in the user object, but assuming all groups you need fits in the above group DN pattern cn=<groupname>,ou=Users,dc=raah,dc=local the above should work.. To do it the "normal" way, use the -F option specifying the search filter from squid_ldap_auth, then -f specifying a group filter, usually just "(&(objectclass=groupOfNames)(member=%u)(cn=%g))" But before looking into using groups, verify that the login part works (squid_ldap_auth). Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
