>Perhapse the fact that Kerberos works with anonymous binary blobs? no
>username in sight.
You have to pardon me, I am not familiar enough with the inner workings
of Kerberos to understand what a binary blob is wrt to Kerberos:)
>Or if not that, something in the elided section "<...>".
I omitted it as it worked from the cli, but possibly something in the
syntax when used in the conf file is wrong (wrapped intentionally here)?
external_acl_type ldapgroup %LOGIN /usr/lib64/squid/squid_ldap_group -R
-b "DC=domain,DC=local" -D "CN=LDAP,CN=Users,DC=domain,DC=local"
-w "password" -f "(&(objectclass=person)(sAMAccountName=%v)
(memberof=cn=%a,CN=Users,DC=domain,DC=local))" -h 10.0.0.2
>The bare http_access logic is fine but assumes the LDAP group helper can
>handle what Kerberos uses for a username.
Is there a way to show what the helper is doing in the log file?
Thanks Amos,
jlc
Received on Mon Feb 01 2010 - 12:53:17 MST
This archive was generated by hypermail 2.2.0 : Tue Feb 02 2010 - 12:00:03 MST