Hi Rickifer,
squid_kerb_ldap does not require squid_kerb_auth. You can use command line
options for ldap and a default realm.
ext_kerberos_ldap_group_acl [-h] [-d] [-i] [-s] [-a] [-D Realm ] [-N
Netbios-Realm-List] [-m Max-Depth] [-u Ldap-User] [-p Ldap-Password] [-b
Ldap-Bind-Path] [-l Ldap-URL] [-S ldap server list] -g Group-Realm-List -t
Hex-Group-Realm-List -T Hex-Group-Hex-Realm-List
Markus
"Rickifer Barros" <rickiferbarros@xxxxxxxxx> wrote in message
news:CAD1agDxyKH0acW1u84ysDVVGQnf2vUajR4xhnOH=d=M4fXjEPg@xxxxxxxxxxxxxx...
Hi Eugene,
yes, that's true, but this only works together the program
squid_kerb_auth. So this require my computer inside a domain. I need
that it works with a popup to type username and password.
I tried:
- to use squid_kerb_auth with the parameter "auth_param basic program"
(DOESN'T WORK)
- to use squid_ldap_auth to autenticate and squid_kerb_ldap to search.
It authenticates but doesn't search. (DOESN'T WORK)
- to use "auth_param negotiate program squid_kerb_auth" with
"squid_kerb_ldap" to search, with my computer inside a domain. (IT
WORKS!) But without username/password popup.
Is there some way to join "Authentication via Popup" + "Recursive Query"?
Thanks Guys.
On Fri, Aug 10, 2012 at 12:57 AM, Eugene M. Zheganin <eugene@xxxxxxxxx>
wrote:
Hi.
On 10.08.2012 01:10, Rickifer Barros wrote:
Hi squid users,
I have a question about the helper squid_ldap_group whose don't find
in the internet. I'm testing it and I noticed that it don't recognize
groups inside group, but only read users inside group.
The command I'm using is like this: external_acl_type AD_GROUP %LOGIN
/usr/lib/squid3/squid_ldap_group -R -P -b "dc=domain,dc=yyy" -D
"cn=user,dc=domain,dc=yyy" -w "password" -f
"(&(objectclass=person)(sAMAccountName=%v)(memberof=cn="%a",ou="example",dc=domain,dc=yyy))"
-h yyy.yyy.yyy.yyy
Is there a way to squid_ldap_group to read the groups into the other
group?
Afaik, the only way to let the squid know about nested groups is to use a
squid_kerb_ldap instead of the squid_ldap_group.
Eugene.
