[squid-users] Squid and LDAP authentication

From: Nolan Rumble <nmr@dont-contact.us>
Date: Wed, 4 Jan 2006 11:01:23 +0200

Hi,

I'm trying to get LDAP authentication working on my squid proxy. Now
ideally I would like to only allow users in a certain group (namely,
cn=squid,ou=Group,dc=ph,dc=sun,dc=ac,dc=za which is a groupOfUniqueNames
(does this work or must I use an objectClass=posixGroup?) to
authenticate and use the proxy. How would I go about doing this? I've
added the following lines to my squid.conf file:

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hour
auth_param basic casesensitive off
auth_param basic program /usr/lib/squid/squid_ldap_auth -b
"ou=People,dc=ph,dc=sun,dc=ac,dc=za" -f "cn=squid" -s sub
fsk.ph.sun.ac.za

external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -ZZ
-b "ou=Group,dc=ph,dc=sun,dc=ac,dc=za" -f
"(&(objectclass=groupOfUniqueNames)(cn=%a)(uniqueMember=%v))" -B
"ou=People,dc=ph,dc=sun,dc=ac,dc=za" -F uid="%s" fsk.ph.sun.ac.za

acl password proxy_auth REQUIRED
acl password_group external ldap_group squid
http_access allow password_group

Any help would be appreciated!

Thanks
Nolan
Received on Wed Jan 04 2006 - 02:00:56 MST

This archive was generated by hypermail pre-2.1.9 : Wed Feb 01 2006 - 12:00:01 MST