RE: [squid-users] squid_ldap_group trouble

From: Joseph L. Casale <jcasale_at_activenetwerx.com>
Date: Mon, 1 Feb 2010 12:53:16 +0000

>Perhapse the fact that Kerberos works with anonymous binary blobs? no
>username in sight.

You have to pardon me, I am not familiar enough with the inner workings
of Kerberos to understand what a binary blob is wrt to Kerberos:)

>Or if not that, something in the elided section "<...>".

I omitted it as it worked from the cli, but possibly something in the
syntax when used in the conf file is wrong (wrapped intentionally here)?

external_acl_type ldapgroup %LOGIN /usr/lib64/squid/squid_ldap_group -R
-b "DC=domain,DC=local" -D "CN=LDAP,CN=Users,DC=domain,DC=local"
-w "password" -f "(&(objectclass=person)(sAMAccountName=%v)
(memberof=cn=%a,CN=Users,DC=domain,DC=local))" -h 10.0.0.2

>The bare http_access logic is fine but assumes the LDAP group helper can
>handle what Kerberos uses for a username.

Is there a way to show what the helper is doing in the log file?

Thanks Amos,
jlc
Received on Mon Feb 01 2010 - 12:53:17 MST

This archive was generated by hypermail 2.2.0 : Tue Feb 02 2010 - 12:00:03 MST