My version is 2.5Stable2
D:\Lotus\Domino>ldapsearch -h 172.25.0.19 -p 389 cn="CAS_NU_Internetuser"
CN=CAS_NU_Internetuser
cn=CAS_NU_Internetuser
mail=CAS_NU_Internetuser@contiteves.com
objectclass=top
objectclass=groupOfNames
objectclass=dominoGroup
member=CN=Klaus Steger,OU=nu,OU=eu,OU=au,O=cag
member=CN=Stefan Vogel,OU=nu,OU=eu,OU=au,O=cag
The ldapsearch shows:
D:\Lotus\Domino>ldapsearch -h 172.25.0.19 -p 389 "(&(cn=CAS_NU_Internetuser)(objectClass=groupOfNames)(member=CN=Stefan Vogel,OU=nu,OU=eu,OU=au,O=cag))"
CN=CAS_NU_Internetuser
cn=CAS_NU_Internetuser
mail=CAS_NU_Internetuser@contiteves.com
objectclass=top
objectclass=groupOfNames
objectclass=dominoGroup
member=CN=Klaus Steger,OU=nu,OU=eu,OU=au,O=cag
member=CN=Stefan Vogel,OU=nu,OU=eu,OU=au,O=cag
Changing the -F to the same as in the ldap_auth has no effect, and changing
to %g also has no effect.
Is it possible that in "member=%u" the %u is not correctly set as
"CN=.....,OU=..."? Can I check this in some way?
Regards
Stefan
From: Henrik Nordstrom <hno@squid-cache.org>
Date: 03.04.2003 16:06
To: Stefan.Vogel@temic.com
cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Authentification against DominoNotes LDAP
Which Squid version are you using? (2.5.STABLE2 required)
What are the exact contents of your LDAP group again? (my memory is short..)
Does the -f filter specification to squid_ldap_group work when you use
ldapsearch manually?
Try changing the -F argument to exactly the same as used for -f in
squid_ldap_auth.
CAS_NU_Internetuser in your -f argument should be %g for the group name,
but this is another issue not related to your problems..
Regards
Henrik
Thu 2003-04-03 at 15.29, Stefan.Vogel@temic.com wrote:
> Hello again,
>
> I have now set up my squid.conf like this
>
> =====================================START
> .....
> external_acl_type inetusers %LOGIN
> /usr/local/squid/libexec/squid_ldap_group -b "o=cag" -f "
> (&(cn=CAS_NU_Internetuser)(objectClass=groupOfNames)(member=%u))" -F "
> (&(uid=%s)(objectClass=Person))" 172.25.0.19
> ...
> acl ldap_password proxy_auth required
> acl inet_users external inetusers CAS_NU_Internetuser
> ...
> auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b
> "o=cag" -f uid=%s 172.25.0.19
> ...
> http_access allow inet_users
> http_access deny all
> ...
> =====================================END
>
> but it does not work. (No one can access, not users in the group, and not
> users that are not in the group.)
> When changing the last line to ALLOW ALL, everyone can access, even if not
> in the group.
>
>
> Without group-checking it worked fine with this
> =====================================START
> .....
> acl ldap_password proxy_auth required
> ...
> auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b
> "o=cag" -f uid=%s 172.25.0.19
> ...
> http_access allow ldap_password
> http_access allow all
> ...
> =====================================END
> (What I don't understand is that I have to put the last ALLOW ALL to make
> it work. With this only authenticated users can access, others don't. With
> DENY ALL no one can access.)
>
>
> Any suggestions, what is my fault?
>
> Regards
> Stefan
--
Free Squid-users support provided by Henrik Nordström <hno@squid-cache.org>
PayPal donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org&cn=Comment
If you need commercial Squid support or cost effective Squid and firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com

Received on Thu Apr 03 2003 - 08:07:08 MST
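Added example, not part of the thread and not squid_ldap_group's own code: a small Python model of the two-step lookup discussed above (the -F filter resolves the login to a DN, then the -f filter tests membership with %u and %g), returning the fully expanded filters so they can be compared with the one that works in ldapsearch. The uid values, the second user and all function names are assumptions; the matcher handles only flat AND-of-equality filters.

```python
import re

USER_TPL = "(&(uid=%s)(objectClass=Person))"                     # -F from the thread
GROUP_TPL = "(&(cn=%g)(objectClass=groupOfNames)(member=%u))"    # -f with %g for the group

# Constructed directory modelled on the ldapsearch output in the thread.
# The uid values and the second user are assumptions (no user entry is shown).
DIRECTORY = [
    {"dn": "CN=Stefan Vogel,OU=nu,OU=eu,OU=au,O=cag",
     "attrs": {"uid": ["svogel"], "objectclass": ["top", "person"]}},
    {"dn": "CN=Other User,OU=nu,OU=eu,OU=au,O=cag",
     "attrs": {"uid": ["ouser"], "objectclass": ["top", "person"]}},
    {"dn": "CN=CAS_NU_Internetuser",
     "attrs": {"cn": ["CAS_NU_Internetuser"],
               "objectclass": ["top", "groupOfNames", "dominoGroup"],
               "member": ["CN=Klaus Steger,OU=nu,OU=eu,OU=au,O=cag",
                          "CN=Stefan Vogel,OU=nu,OU=eu,OU=au,O=cag"]}},
]

def escape_filter_value(value):
    """RFC 4515 escaping, so a login name cannot change the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand(template, **subst):
    """Replace %s / %u / %g with the escaped value for that letter."""
    return re.sub(r"%([a-z])", lambda m: escape_filter_value(subst[m.group(1)]), template)

def matches(attrs, flt):
    """Evaluate a flat AND of equality terms (the only filter shape used here)."""
    terms = re.findall(r"\(([A-Za-z]+)=((?:[^()\\]|\\[0-9a-f]{2})*)\)", flt)
    for attr, raw in terms:
        want = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), raw)
        if want.lower() not in [v.lower() for v in attrs.get(attr.lower(), [])]:
            return False
    return bool(terms)

def check_group(login, group, directory=DIRECTORY):
    """Return (allowed, user_filter, group_filter); group_filter is None
    when the user filter does not resolve to exactly one DN."""
    user_filter = expand(USER_TPL, s=login)
    dns = [e["dn"] for e in directory if matches(e["attrs"], user_filter)]
    if len(dns) != 1:
        return False, user_filter, None
    group_filter = expand(GROUP_TPL, u=dns[0], g=group)
    allowed = any(matches(e["attrs"], group_filter) for e in directory)
    return allowed, user_filter, group_filter

if __name__ == "__main__":
    for login in ("svogel", "ouser", "*"):
        print(login, check_group(login, "CAS_NU_Internetuser"))
```

A `None` group filter means the first step never produced a DN, so the membership test was never attempted; a non-`None` filter can be pasted into ldapsearch as-is.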