Dear Squid Users,
I have some problems configuring authentication of LDAP users.
The idea behind my configuration is that only users in an existing LDAP group
will be authenticated successfully.
In this example it's my own user with the login ID phom.
What's wrong in my config? The user will not be authenticated.
Squid access.log:
1046945867.315 287 10.1.15.238 TCP_DENIED/407 1805
My LDAP Group:
# Security-Group, security, nextiraone, ch
dn: cn=Security-Group,ou=security,o=nextiraone,c=ch
objectClass: groupOfNames
objectClass: groupOfUniqueNames
cn: Security-Group
member: cn=FW1-Template,o=nextiraone,c=ch
member: cn=Homberger Peter,ou=security,o=nextiraone,c=ch
uniqueMember: uid=phom,ou=security,o=nextiraone,c=ch
My User:
# Homberger Peter, security, nextiraone, ch
dn: cn=Homberger Peter,ou=security,o=nextiraone,c=ch
objectClass: person
objectClass: uidObject
objectClass: organizationalPerson
cn: Homberger Peter
sn: Homberger
uid: phom
userPassword: **********
My squid.conf:
auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -u uid -b ou=security,o=nextiraone,c=ch
auth_param basic children 5
auth_param basic realm "Authentication for Internet Access is required! Please note that all traffic should me monitored for statistic purposes!"
auth_param basic credentialsttl 2 hours
external_acl_type ldap_group %LOGIN /usr/local/squid/libexec/squid_ldap_group -b "ou=security,o=nextiraone,c=ch" -f '(&(cn=%v)(member=uid=%d,*)(objectClass=groupOfNames))'
acl group_Internet external ldap_group Security-Group
http_access allow group_Internet
http_access deny all
With kind regards
Peter Homberger
NextiraOne Schweiz GmbH
Peter Homberger
Consultant Security / NMS
Industriestasse 30, CH-8203 Kloten
Tel: +41 1 815 32 65
Fax: +41 1 813 53 24
mailto:peter.homberger@nextiraone.ch
http://www.nextiraone.ch
Received on Thu Mar 06 2003 - 03:02:49 MST
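
An added example, not part of the original post: a plain-string check of the two LDIF entries quoted above, reporting which member attribute of Security-Group holds the user's actual DN and which holds a `uid=phom,...` value, the form the posted filter looks for in `member`. It does not model the directory server's matching rules or the helper's placeholder expansion; the function names are illustrative.

```python
# Added example: entries copied from the post (comment lines and userPassword left out).
LDIF = """\
dn: cn=Security-Group,ou=security,o=nextiraone,c=ch
objectClass: groupOfNames
objectClass: groupOfUniqueNames
cn: Security-Group
member: cn=FW1-Template,o=nextiraone,c=ch
member: cn=Homberger Peter,ou=security,o=nextiraone,c=ch
uniqueMember: uid=phom,ou=security,o=nextiraone,c=ch

dn: cn=Homberger Peter,ou=security,o=nextiraone,c=ch
objectClass: person
objectClass: uidObject
objectClass: organizationalPerson
cn: Homberger Peter
sn: Homberger
uid: phom
"""

def parse_ldif(text):
    """Parse simple LDIF (no line folding, no base64) into {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def norm_dn(dn):
    """Crude DN normalisation: lower-case, trim spaces around the RDN separators."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def member_report(entries, login, group_cn):
    """For each member attribute: does it hold the user's DN, or a uid=<login>,... value?"""
    user = next(e for e in entries if login in e.get("uid", []))
    group = next(e for e in entries if group_cn in e.get("cn", []) and "groupOfNames" in e.get("objectclass", []))
    user_dn = norm_dn(user["dn"][0])
    report = {}
    for attr in ("member", "uniquemember"):
        values = [norm_dn(v) for v in group.get(attr, [])]
        report[attr] = {"has_user_dn": user_dn in values,
                        "uid_style": any(v.startswith(f"uid={login.lower()},") for v in values)}
    return report

if __name__ == "__main__":
    for attr, facts in member_report(parse_ldif(LDIF), "phom", "Security-Group").items():
        print(attr, facts)
```
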