To all,
I followed Henrik's replies to Mr Peter Homberger at Nextiraone from 7 March 2003, which helped me a lot, but I still have some unresolved issues!
I've got squid_ldap_auth working with these arguments (that's from a command line):
./squid_ldap_auth -u cn -b ou="Focus Group",ou="Retail Users",ou=Sales,dc=proton,dc=phoenix,dc=co,dc=uk ldapserver
This works fine even with the nested ou's within the parent directory; however, it doesn't check for any valid groups!!
When trying to implement a similar scenario as in Peter's mail, I cannot authenticate anyone at all (note: quotes used for command line tests only):
./squid_ldap_auth -b ou="Focus Group",ou="Retail Users",ou=Sales,dc=proton,dc=phoenix,dc=co,dc=uk -f "(&(uid=%s)(objectClass=organizationalPerson))" -h ldapserver
The external helper is as follows:
The group which all Internet users are members of is "Access". At what point do I enter the group to this command line option to test it??
external_acl_type access %LOGIN /data/test/libexec/squid_ldap_group -b ou='Focus Group',ou='Retail Users',ou=Sales,dc=proton,dc=phoenix,dc=co,dc=uk -f (&(cn=%g)(member=%u)(objectClass=groupOfNames)) -F (&(uid=%s)(objectClass=organizationalPerson)) -h ldapserver
ACL lines are fine!
An example object I am trying to authenticate from the Active Directory is a simple user set as "test" with the group Access. There are no policies implemented to this object and the fully qualified name of the object as taken from Active Directory is:
proton.phoenix.co.uk/Sales/Retail Users/Focus Group/test
What I would like to achieve is that individual users in the Active Directory would be members of a group that would give them full access to the Internet, otherwise deny all the rest of the users. Is there something that I am completely missing from the configuration!! When contacting the external LDAP server, do I need to configure any other files on the Squid installation?
----------------------------
Using squid-2.5STABLE1
All compiled on Solaris 5.7
-- tp
Received on Tue Mar 18 2003 - 07:35:45 MST
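The two searches requested by the external_acl_type line in the message above, modelled as an added example (not code from the post or from Squid). squid_ldap_group reads a login and a group name on each line of standard input, so in a command-line test the group is typed there, for instance the line "test Access". The filter strings are the post's own; the DN used for "test", the fake_directory stand-in and the RFC 4515 escaping are assumptions of this example.

```python
# Added example: a simplified model of the two searches, not squid_ldap_group's code.
import re

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand(template, values):
    """Fill %s / %u / %g in one pass so substituted text is never re-expanded."""
    pattern = "%([" + "".join(values) + "])"
    return re.sub(pattern, lambda m: escape_filter_value(values[m.group(1)]), template)


def group_lookup(line, user_filter, group_filter, find_dn):
    """Return (user search filter, group search filter) for one stdin line."""
    login, group = line.split(None, 1)
    first = expand(user_filter, {"s": login})       # -F: locate the user's entry
    user_dn = find_dn(first)
    second = expand(group_filter, {"u": user_dn, "g": group.strip()})  # -f
    return first, second


# Filters copied from the external_acl_type line in the post.
USER_FILTER = "(&(uid=%s)(objectClass=organizationalPerson))"
GROUP_FILTER = "(&(cn=%g)(member=%u)(objectClass=groupOfNames))"
# Constructed DN for the "test" object; the cn= naming attribute is an assumption.
TEST_DN = ("cn=test,ou=Focus Group,ou=Retail Users,ou=Sales,"
           "dc=proton,dc=phoenix,dc=co,dc=uk")


def fake_directory(_filter):
    """Stand-in for the -F search (hypothetical; no LDAP server is contacted)."""
    return TEST_DN


if __name__ == "__main__":
    for f in group_lookup("test Access", USER_FILTER, GROUP_FILTER, fake_directory):
        print(f)
```

Each printed filter can be run by hand against the directory with the same base DN to see which of the two searches returns no entry.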