Hi,
I would like to authenticate Active Directory users via LDAP and group membership. My setup seems to work fine except for one little thing.
First here is my config:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 40
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 1 minutes
external_acl_type LDAPGROUP %LOGIN /usr/libexec/squid_ldap_group -b "ou=MYCIE,dc=mycie,dc=com" -D "cn=USERNAME,ou=ITS,ou=MYCIE,dc=mycie,dc=com" -w MYPASS -f "(&(samAccountName=%v)(memberOf=cn=%a,ou=ITS,ou=MYCIE,dc=mycie,dc=com))" -p 389 -S -P -d -h 10.64.1.10
acl AXS external LDAPGROUP Internet_access
http_access allow AXS all
http_access deny all
It works fine, if the user is in the AD group Internet_access, he can browse the internet, if he's not in the group, he can't.
The problem:
The problem is if I modify a user access (remove or add in Internet_access) I need to use "squid -k reconfigure" to apply the changes.
Is there something I can change that wouldn't required a squid reconfigure?
I also seen some post about squid_ldap_auth, does it only support basic auth? Would it solve my problem?
Thanks for the help,
Jean-Philippe
Received on Wed Feb 16 2005 - 17:40:08 MST
This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:02 MST