Problem with squid_ldap_group

Hi Everyone

I am encountering an issue with this module which I don't understand.

Stage 1

Setup LDAP Authentication with the following in squid.conf

auth_param basic program /usr/lib64/squid/squid_ldap_auth -b
"ou=People,dc=cms,dc=waikato,dc=ac,dc=nz" -f "uid=%s" localhost

acl ldapauth proxy_auth REQUIRED

http_access allow ldapauth

Everything works as expected. Great :)

Stage 2: Work out what needs to be passed to squid_ldap_group

After some searching of the web I came up with the following

 /usr/lib64/squid/squid_ldap_group -d -b
"ou=People,dc=cms,dc=waikato,dc=ac,dc=nz" -f
'(&(uid=%u)(memberof=cn=%g,ou=groups,ou=people,dc=cms,dc=waikato,dc=ac,dc=nz))'
localhost

And testing this manually leads to the correct responses. clint is a
non-existent user; clintd is a valid user who is a member of tsg, mysql and
staff.


clint tsg
Connected OK
group filter
'(&(uid=clint)(memberof=cn=tsg,ou=groups,ou=people,dc=cms,dc=waikato,dc=ac,dc=nz))',
searchbase 'ou=People,dc=cms,dc=waikato,dc=ac,dc=nz'
ERR
clintd mysql
Connected OK
group filter
'(&(uid=clintd)(memberof=cn=mysql,ou=groups,ou=people,dc=cms,dc=waikato,dc=ac,dc=nz))',
searchbase 'ou=People,dc=cms,dc=waikato,dc=ac,dc=nz'
OK
clintd student
Connected OK
group filter
'(&(uid=clintd)(memberof=cn=student,ou=groups,ou=people,dc=cms,dc=waikato,dc=ac,dc=nz))',
searchbase 'ou=People,dc=cms,dc=waikato,dc=ac,dc=nz'
ERR
clintd staff
Connected OK
group filter
'(&(uid=clintd)(memberof=cn=staff,ou=groups,ou=people,dc=cms,dc=waikato,dc=ac,dc=nz))',
searchbase 'ou=People,dc=cms,dc=waikato,dc=ac,dc=nz'
OK


So I add the following to my squid.conf file

external_acl_type ldap_group %LOGIN /usr/lib64/squid/squid_ldap_group -d -b
"ou=People,dc=cms,dc=waikato,dc=ac,dc=nz" -f
'(&(uid=%u)(memberof=cn=%g,ou=groups,ou=people,dc=cms,dc=waikato,dc=ac,dc=nz))'
localhost

acl mysql external ldap_group mysql



And edit the access rule to become
http_access allow ldapauth mysql

Squid parses and loads the configuration. If I attempt to authenticate as
the valid user clintd, but with an incorrect password, I am prompted to
re-enter the password. If I supply valid auth information for the user
clintd, I get a page saying squid is denying my request. Why is this? I
could understand it if I'm passing an invalid command line to squid_ldap_group,
but testing it manually seems to work correctly.

As this is a non-production squid configuration at present, I have removed
all other acls etc. that may have been interfering, but I still see the same
behaviour. Does anyone have an idea what I am doing wrong, or suggestions as
to how I troubleshoot this further?

I am using squid-2.6.STABLE21 via CentOS 5 rpm
squid-2.6.STABLE21-6.el5.x86_64

Thank you for your time

Clint Dilks
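The manual test above exercises the helper's stdin/stdout protocol (one "user group" line in, "OK" or "ERR" out) and shows the filter after %u/%g substitution. One thing worth confirming when moving from the shell test to external_acl_type is that the -f filter reaches the helper exactly as the shell delivered it (the shell strips the single quotes; the -d debug lines on the helper's stderr show what squid actually handed over). The following is an added example, not squid's or the poster's code: a stand-in for squid_ldap_group that speaks the same protocol against a constructed in-memory directory, so it runs without an LDAP server. It assumes the sample entries and group DNs shown below (constructed from the post), uses the RFC 4515 escape set for values substituted into the filter, and URL-decodes each field the way the real helper does because squid URL-encodes %LOGIN and the acl argument before writing them. It also goes beyond the post by showing, with an unsafe variant of the substitution, why the login must be escaped before it lands in the filter.

```python
"""Stand-in for squid_ldap_group: external ACL helper protocol against an
in-memory directory.  Added example; not squid's code."""
import re
import sys
from urllib.parse import unquote

# Constructed entries under ou=People (sample data, not real accounts).
DIRECTORY = {
    "uid=clintd,ou=People,dc=cms,dc=waikato,dc=ac,dc=nz": {
        "uid": ["clintd"],
        "memberof": [
            "cn=tsg,ou=groups,ou=people,dc=cms,dc=waikato,dc=ac,dc=nz",
            "cn=mysql,ou=groups,ou=people,dc=cms,dc=waikato,dc=ac,dc=nz",
            "cn=staff,ou=groups,ou=people,dc=cms,dc=waikato,dc=ac,dc=nz",
        ],
    },
}

# The -f template from the post: %u is the login, %g the group named on the acl line.
FILTER_TEMPLATE = ("(&(uid=%u)(memberof=cn=%g,ou=groups,ou=people,"
                   "dc=cms,dc=waikato,dc=ac,dc=nz))")

# RFC 4515 escapes for characters that would otherwise change the filter's structure.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def ldap_escape(value):
    """Escape an assertion value so the server matches it literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(template, user, group, escape=True):
    """Substitute %u and %g in one pass (a login containing '%g' is not re-expanded).
    escape=False is the unsafe variant, kept only to demonstrate the injection."""
    fields = {"%u": user, "%g": group}

    def sub(m):
        value = fields[m.group()]
        return ldap_escape(value) if escape else value

    return re.sub(r"%[ug]", sub, template)


def parse_filter(text, pos=0):
    """Parse the RFC 4515 subset used here: (&..), (|..), (!..) and (attr=value).
    Returns (node, next_pos); raises ValueError on malformed input."""
    if pos >= len(text) or text[pos] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    if pos < len(text) and text[pos] in "&|!":
        op = text[pos]
        pos += 1
        children = []
        while pos < len(text) and text[pos] == "(":
            child, pos = parse_filter(text, pos)
            children.append(child)
        if pos >= len(text) or text[pos] != ")" or not children:
            raise ValueError("unterminated '%s' at offset %d" % (op, pos))
        if op == "!" and len(children) != 1:
            raise ValueError("'!' takes exactly one item")
        return (op, children), pos + 1
    end = text.find(")", pos)
    if end < 0 or "=" not in text[pos:end]:
        raise ValueError("bad item at offset %d" % pos)
    attr, _, value = text[pos:end].partition("=")   # value keeps its \XX escapes
    return ("=", attr.lower(), value), end + 1


def _unescape(value):
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), value)


def matches(node, entry):
    """Evaluate a parsed filter against one entry (attr -> list of values)."""
    kind = node[0]
    if kind == "&":
        return all(matches(c, entry) for c in node[1])
    if kind == "|":
        return any(matches(c, entry) for c in node[1])
    if kind == "!":
        return not matches(node[1][0], entry)
    _, attr, raw = node
    values = entry.get(attr, [])
    if raw == "*":                      # bare '*' is a presence test; '\2a' is a literal
        return bool(values)
    literal = _unescape(raw).lower()
    return any(v.lower() == literal for v in values)


def handle_request(line, escape=True, directory=DIRECTORY, template=FILTER_TEMPLATE):
    """One helper round trip: 'user group' in, 'OK' or 'ERR' out.
    Squid URL-encodes each field before writing it to the helper, hence unquote()."""
    parts = line.split()
    if len(parts) != 2:
        return "ERR"
    user, group = (unquote(p) for p in parts)
    flt = build_filter(template, user, group, escape)
    try:
        node, end = parse_filter(flt)
    except ValueError:
        return "ERR"
    if end != len(flt):                 # trailing garbage means a broken filter
        return "ERR"
    return "OK" if any(matches(node, e) for e in directory.values()) else "ERR"


def main():
    for line in sys.stdin:              # same loop shape as a real helper
        print(handle_request(line.rstrip("\n")), flush=True)


if __name__ == "__main__":
    main()
```

Run it as `printf 'clintd mysql\nclint tsg\n' | python3 helper.py` to reproduce the OK/ERR pairs from the manual test. The unsafe variant matters because %LOGIN is attacker-chosen text: a login of `*)(uid=*` turns the template into `(&(uid=*)(uid=*)(memberof=cn=mysql,...))`, which any member of mysql satisfies, so the helper answers OK for a user that does not exist; with escaping the same login is matched literally and gets ERR.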


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux