hi,
the relevant parts of my squid.conf look like this:
----
auth_param basic program /usr/lib/squid/ldap_auth -b ou=people,dc=mhcsoftware,dc=de localhost
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

external_acl_type ldap %LOGIN /usr/lib/squid/squid_ldap_group -b "ou=groups,dc=mhcsoftware,dc=de" -f "(&(memberUid=%v)(cn=%a)(objectClass=posixGroup))" -B "ou=people,dc=mhcsoftware,dc=de" -F "(uid=%s)"

acl ldapauth proxy_auth REQUIRED
acl ldapGauth external ldap squid

http_access allow ldapGauth
----

i found no other way than using ldap_auth in addition to squid_ldap_group to get the auth request in the browser. if there is a better way, please let me know.

when i change to "http_access allow ldapauth" all users with a valid password can use squid. but what i want is that only users with a valid password in the group squid can use squid. so i hit "squid_ldap_group".

with the config above auth fails. when i have a look at the ldap log i see:

Apr 3 15:50:30 server slapd[20926]: conn=31 op=0 BIND dn="uid=test,ou=people,dc=mhcsoftware,dc=de" method=128
Apr 3 15:50:30 server slapd[20926]: conn=31 op=0 BIND dn="uid=test,ou=people,dc=mhcsoftware,dc=de" mech=simple ssf=0

so, ldap_auth login is OK. then squid_ldap_group looks up the user:

Apr 3 15:50:30 server slapd[20926]: conn=32 op=0 SRCH base="ou=people,dc=mhcsoftware,dc=de" scope=2 filter="(uid=test)"

this seems to work, as i can do a corresponding ldapsearch without any problem. then it tries the group lookup:

Apr 3 15:50:30 server slapd[20926]: conn=32 op=1 SRCH base="ou=groups,dc=mhcsoftware,dc=de" scope=2 filter="(&(memberUid=uid=test,ou=people,dc=mhcsoftware,dc=de)(cn=squid)(objectClass=posixGroup))"

and i think that's the problem. when i try this as a ldapsearch i get no result. but when i search for:

(&(memberUid=test)(cn=squid)(objectClass=posixGroup))

i get the expected result. well, and that filter is what i would expect when i look at my "squid_ldap_group" command line.

i do not understand why it uses "memberUid=uid=test,ou=people,dc=mhcsoftware,dc=de" instead of what's configured on the command line: "memberUid=test"

i found no way to get it to use the correct filter.

my ldap group looks like this:

ldapsearch -LLL -x -b "cn=squid,ou=groups,dc=mhcsoftware,dc=de" -h localhost "(objectclass=*)"
dn: cn=squid,ou=groups,dc=mhcsoftware,dc=de
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: squid
gidNumber: 10001
description: Squid User
sambaSID: S-1-5-21-2058215362-2546287647-786178489-21003
sambaGroupType: 2
displayName: Squid User
memberUid: test

any help would be nice.

btw: i'm pretty new to ldap, i use <http://lam.sourceforge.net/> to manage accounts etc.

TIA
matthias

--
Matthias Henze                   matthias@mhcsoftware.de
Use PGP!!    http://www.mhcsoftware.de/MatthiasHenze.asc
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
MHC SoftWare GmbH            voice: +49-(0)9533-92006-0
Fichtera 17                    fax: +49-(0)9533-92006-6
96274 Itzgrund/Germany     e-Mail: info@mhcsoftware.de
- - - - - - - - - - - - - - - - - - - - - - - - - - - -

Received on Sat Apr 03 2004 - 07:17:12 MST
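Added example, not part of the original post and not Squid's own code: a small Python model of the group lookup, built from the filter template, group entry and user DN shown in the post, which reproduces the logged filter and shows why it matches nothing. It assumes the helper substitutes the DN found by the -F/-B user search for %v, as the slapd log suggests; the function names are hypothetical and the evaluator is a simplified stand-in for slapd (equality, &, |, ! only, exact-match values).

```python
import re

# Group entry from the post's ldapsearch output (attribute names lower-cased).
GROUP = {"objectclass": {"posixGroup", "sambaGroupMapping"},
         "cn": {"squid"}, "memberuid": {"test"}}
TEMPLATE = "(&(memberUid=%v)(cn=%a)(objectClass=posixGroup))"  # the post's -f value
USER_DN = "uid=test,ou=people,dc=mhcsoftware,dc=de"  # result of the -F user search

def escape(value):
    """RFC 4515 escaping, so a substituted value cannot change the filter structure."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def expand(user, group):
    """Fill %v (user) and %a (group) into the template in a single pass."""
    pick = {"v": user, "a": group}
    return re.sub(r"%([va])", lambda m: escape(pick[m.group(1)]), TEMPLATE)

def parse(f, i=0):
    """Parse the filter starting at f[i] == '('; return (node, next_index)."""
    if f[i + 1] in "&|!":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1          # step over the closing ')'
    end = f.index(")", i)
    attr, _, value = f[i + 1:end].partition("=")
    return ("=", attr.lower(), unescape(value)), end + 1

def matches(node, entry):
    if node[0] == "=":
        return node[2] in entry.get(node[1], set())
    op, kids = node
    hits = [matches(k, entry) for k in kids]
    return all(hits) if op == "&" else any(hits) if op == "|" else not hits[0]

def in_group(user_value, group="squid"):
    """True if the expanded group filter matches the constructed GROUP entry."""
    tree, _ = parse(expand(user_value, group))
    return matches(tree, GROUP)

if __name__ == "__main__":
    for label, value in (("login name", "test"), ("user DN", USER_DN)):
        print(label, expand(value, "squid"), "->", in_group(value))
```

Under that assumption, running the helper without -B and -F would leave %v as the login name, which is the form that matches `memberUid: test`.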