Joseph L. Casale wrote:

I am trying to supplement squid_kerb_auth with squid_ldap_group, from
the cli, my external_acl_type string works fine, username and group
pairs return expected results.

Disregarding the ldap group check, the following authenticates correctly:

    acl auth proxy_auth REQUIRED
    http_access deny !auth
    http_access allow auth localnet
    http_access deny all

But when I modify it as follows it breaks:

    external_acl_type ldapgroup %LOGIN /usr/lib64/squid/squid_ldap_group <...>
    acl auth proxy_auth REQUIRED
    acl acl_ldap external ldapgroup adGroup
    http_access deny !auth
    http_access allow auth acl_ldap localnet
    http_access deny all

Anyone see what I have done wrong?

Thanks,
jlc

Perhaps the fact that Kerberos works with anonymous binary blobs? No
username in sight.
Or if not that, something in the elided section "<...>".
The bare http_access logic is fine but assumes the LDAP group helper can
handle what Kerberos uses for a username.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21
Current Beta Squid 3.1.0.15