Hi,
I'm trying to get LDAP authentication working on my squid proxy. Now
ideally I would like to only allow users in a certain group (namely,
cn=squid,ou=Group,dc=ph,dc=sun,dc=ac,dc=za which is a groupOfUniqueNames
(does this work or must I use an objectClass=posixGroup?) to
authenticate and use the proxy. How would I go about doing this? I've
added the following lines to my squid.conf file:
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hour
auth_param basic casesensitive off
auth_param basic program /usr/lib/squid/squid_ldap_auth -b
"ou=People,dc=ph,dc=sun,dc=ac,dc=za" -f "cn=squid" -s sub
fsk.ph.sun.ac.za
external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -ZZ
-b "ou=Group,dc=ph,dc=sun,dc=ac,dc=za" -f
"(&(objectclass=groupOfUniqueNames)(cn=%a)(uniqueMember=%v))" -B
"ou=People,dc=ph,dc=sun,dc=ac,dc=za" -F uid="%s" fsk.ph.sun.ac.za
acl password proxy_auth REQUIRED
acl password_group external ldap_group squid
http_access allow password_group
Any help would be appreciated!
Thanks
Nolan
Received on Wed Jan 04 2006 - 02:00:56 MST
This archive was generated by hypermail pre-2.1.9 : Wed Feb 01 2006 - 12:00:01 MST