Hi,
For anyone following this thread, I got LDAP authentication and group
membership to work. My mistake was using quotes around the filter
expression. I copied the command line, which requires the quotes,
directly into the configuration file. Squid escapes each argument again
so the quotes wound up as part of the filter expression. Wonder if squid
should warn when helper arguments are surrounded by quotes.
So the auth_param should be (all one line):
/export/home/luedtket/.opt/libexec/squid_ldap_auth -b ou=nlm,o=nih -s
sub -h 130.14.123.19 -f (&(objectClass=person)(uid=%s))
Terry Luedtke
National Library of Medicine
>>> "Terry Luedtke" <LuedtkT@mail.nlm.nih.gov> 16-Oct-02 17:38:50 >>>
Hello,
I'm trying to set up Squid 2.5 (STABLE1) to use LDAP authentication. I
can run the external command from the shell and it returns OK for my
userid and password. However, squid rejects my requests. I have the
following in squid.conf:
auth_param basic program
/export/home/luedtket/.opt/libexec/squid_ldap_auth -b ou=nlm,o=nih -s
sub -h 130.14.123.19 -f '(&(objectClass=person)(uid=%s))'
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl auth_by_ldap proxy_auth REQUIRED
acl to_cf_dev dst 130.14.16.140/255.255.255.255
130.14.16.141/255.255.255.255
acl to_cf_qa dst 130.14.16.180/255.255.255.255
http_access allow to_cf_dev
http_access allow to_cf_qa auth_by_ldap
I've run squid in non-daemon, debug mode and didn't see any errors. I
can get to the to_cf_dev addresses, but not to the to_cf_qa address.
I haven't been able to find any documentation for the 2.5 squid.conf
file, other than the file itself. Are the 2.5 docs on the web?
Thanks,
Terry Luedtke
National Library of Medicine
Received on Mon Oct 21 2002 - 14:45:49 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:45 MST