Under “TAG: auth_param” section enter the following:
auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=dunns,dc=co,dc=za" -D "cn=ldapreader,cn=users,dc=mydomain,dc=com" -w "ldappassword" -f sAMAccountName=%s -h xxx.xxx.xxx.xxx
Under “TAG: external_acl_type” section enter the following:
external_acl_type internetusergroup %LOGIN /usr/lib/squid/squid_ldap_group -R -b "dc=mydomain,dc=com" -D "cn=ldapreader,cn=Users,dc=mydomain,dc=com" -w "ldappassword" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=internetusers, ,OU=xxx Groups,OU=xxx,dc=mydomain,dc=com))" -h xxx.xxx.xxx.xxx
acl ldappassword proxy_auth REQUIRED
acl internetgroup external internetusergroup internetusers
http_access allow ldappassword internetgroup Safe_ports
This works.
Janco v.d Merwe
Network Administrator
Dunns Stores (PTY) Ltd
Switchboard: 011 541 3000
Direct: 011 541 3007
Fax: 086 632 1708
-----Original Message-----
From: Saqib Khan (horiba/eu) [mailto:saqib.khan@horiba.com]
Sent: 06 September, 2006 13:47
To: squid-users@squid-cache.org
Subject: [squid-users] Squid LDAP Group authentication
Dear all,
I am having some configuration problems with squid_ldap_group
authentication. I created a test group, namely "Testgroup", in AD containing a
test user. But if I use a user which is not a member of that group, I still
can access the internet. Here is my squid configuration:
Tag:external_ACL
external_acl_type Internet %LOGIN /usr/lib/squid_ldap_group -R -b "dc=test,dc=com" -D "cn=test,cn=Users,dc=horiba,dc=eu" -w "test1" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=Testgroup,cn=Users,dc=test,dc=com))" -h xxx.xxx.xxx.xxx
Tag:ACL
acl Localnet external Internet Testgroup
Tag:http_access
http_access allow Localnet
Best Regards,
Saqib
Received on Wed Sep 06 2006 - 06:20:01 MDT
This archive was generated by hypermail pre-2.1.9 : Sun Oct 01 2006 - 12:00:03 MDT
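
The following is an added example, not written by either poster and not Squid's own code. It mimics how squid_ldap_group fills %v (login) and %a (group named on the acl line) into the -f filter, so the two filter styles in this thread can be compared offline. The two-user directory, the group DN and the toy filter matcher are constructed assumptions.

```python
import re

# RFC 4515 escapes for values placed inside a search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def expand(template, user, group):
    """Fill %v/%u with the login and %a/%g with the group named on the acl line."""
    values = {"v": user, "u": user, "a": group, "g": group}
    return re.sub(r"%([vuag])", lambda m: escape_value(values[m.group(1)]), template)

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def entry_matches(ldap_filter, entry):
    """Toy matcher: evaluates a flat (&(attr=value)...) filter against one entry."""
    tests = re.findall(r"\(([^()=&]+)=([^()]*)\)", ldap_filter)
    return all(
        any(v.lower() == _unescape(want).lower() for v in entry.get(attr.lower(), []))
        for attr, want in tests
    )

def helper_reply(template, user, group, directory):
    """Return OK when the expanded filter finds an entry, ERR otherwise."""
    ldap_filter = expand(template, user, group)
    return "OK" if any(entry_matches(ldap_filter, e) for e in directory) else "ERR"

# Constructed directory (assumption): alice is in Testgroup, bob is in no group.
GROUP_DN = "CN=Testgroup,CN=Users,DC=test,DC=com"
DIRECTORY = [
    {"objectclass": ["person"], "samaccountname": ["alice"], "memberof": [GROUP_DN]},
    {"objectclass": ["person"], "samaccountname": ["bob"], "memberof": []},
]

# Filter from the question: %a sits in front of a literal cn=Testgroup.
QUESTION = ("(&(objectclass=person)(sAMAccountName=%v)"
            "(memberof=cn=%a,cn=Testgroup,cn=Users,dc=test,dc=com))")
# Pattern used in the reply: the full group DN is written out, no %a.
FIXED_DN = ("(&(objectclass=person)(sAMAccountName=%v)"
            "(memberof=cn=Testgroup,cn=Users,dc=test,dc=com))")

if __name__ == "__main__":
    print(expand(QUESTION, "alice", "Testgroup"))
    for user in ("alice", "bob", "*)(objectclass=*"):
        print(user, helper_reply(QUESTION, user, "Testgroup", DIRECTORY),
              helper_reply(FIXED_DN, user, "Testgroup", DIRECTORY))
```

With the acl argument Testgroup, the question's filter expands to a DN containing cn=Testgroup twice, which does not equal the constructed group DN; the written-out DN matches only the member.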