Sorry about the delayed response, we had a server go down and I had to
drop this for a few days...
>
> > -b on squid_ldap_group does not seem to have an "%" substitution to
> > add the group name and including a filter for group and the filter
> > doesn't work any of the ways I have tried it-
> > /usr/local/squid/libexec/squid_ldap_group -h
> > ldap://ldap.some.org.au -D "cn=admin,o=Internet" -w "password" -b
> > "ou=groups,dc=some,dc=org,dc=au,o=Internet" -f
> > "(&(cn=%g)("member=cn=%u,ou=people,dc=some,dc=org,dc=au,o=Internet"
> >))"
>
> Hmm.. not sure -h accepts ldap URIs, but it most likely do not.. try
> using just the hostname.
That was the problem!
Below is what I ended up with and it works perfectly!
Thanks very much for your help.
regards, Murray
# squid.conf
auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -h
ldap://lda
p.some.org.au -b "ou=people,dc=some,dc=org,dc=au,o=Internet" -D "cn=admin,
o=Internet" -w "password" -u cn
external_acl_type ldap_group %LOGIN
/usr/local/squid/libexec/squid_ldap_group -h
ldap.some.org.au -D "cn=admin,o=Internet" -w "password" -b
"ou=groups,dc=some,dc=org,dc=au,o=Internet" -f
"(&(cn=%g)("member=cn=%u,ou=people,dc=some,dc=org,dc=au,o=Internet"))"
acl localusers proxy_auth REQUIRED
acl proxy_users external ldap_group proxygrp
http_access deny !proxy_users
http_access allow localusers
Received on Wed Mar 05 2003 - 20:54:10 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:56 MST