Re: [squid-users] Squid_ldap_group

But when i configured squid_ldap_auth and my configuration looks like

auth_param basic program /usr/local/squid25S1/libexec/squid_ldap_auth -b
dc=xxx,dc=com -f uid=%s localhost
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
external_acl_type ldapou %LOGIN /usr/local/squid/libexec/squid_ldap_group -b
"dc=xxx,dc=com" -f "(&(uid=%v)(ou=%a))" -h localhost
acl ou_testing external ldapou Testing
acl ldapauth proxy_auth REQUIRED
http_access allow ldapauth
http_access allow ou_testing
http_access deny all

Here even users from other than "Testing" group can also able to browse but
i need only group "Testing" should browse and others should deny.

So i tried after changing http_access rules as
http_access allow ldapauth ou_testing
http_access deny all

Here i got page not found page.

As i did not find any information regarding this in squid_ldap_auth and
squid_ldap_group i am not able to proceed.

Thanks
Jack

> Yes.
>
> The squid_ldap_group only performs group membership lookups and need a
> authentication method defined to allow the user to log in. To use LDAP
> authentication you will also need to configure Squid to use
> squid_ldap_auth for authentication, and squid_ldap_group for group
> membership verifications.
>
> See the auth_param directive and the squid_ldap_auth basic authentication
> helper.
>
> Regards
> Henrik
>
>
> On Fri, 25 Oct 2002, Jack wrote:
>
> > Hello Henrik,
> >
> > Thanks,
> > When i configured proxy in browser and try to browse i did not get
> > authentication window.
> >
> > Do i need to configure LDAP authentication program?
> >
> > Regards
> > Jack
> >
> > > Sorry, the acl line should obviously read
> > >
> > > acl ou_testing external ldapou Testing
> > >
> > > Regards
> > > Henrik
> > >
> > >
> > > Jack wrote:
> > > > Hello Henrik,
> > > >
> > > > While i run squid after changing squid configuration according to
your
> > > > guide i got following error:
> > > >
> > > > 2002/10/24 19:08:41| squid.conf line 1287: acl ou_testing ldapou
Testing
> > > > 2002/10/24 19:08:41| aclParseAclLine: Invalid ACL type 'ldapou'
> > > > 2002/10/24 19:08:41| squid.conf line 1766: http_access allow ldapou
> > > > 2002/10/24 19:08:41| aclParseAccessLine: ACL name 'ldapou' not
found.
> > > > 2002/10/24 19:08:41| squid.conf line 1766: http_access allow ldapou
> > > > 2002/10/24 19:08:41| aclParseAccessLine: Access line contains no
ACL's,
> > > > skipping
> > > >
> > > > I Compiled squid with following configuration option:
> > > >
./configure --prefix=/usr/local/squid25S1 --enable-snmp --enable-ssl
> > > > --enab le-external-acl-helpers="ldap_group"
> > > >
> > > > How to set acl for ldap_group
> > > >
> > > > Thanks,
> > > > Jack
> > > >
> > > > > The -f argument to suqid_ldap_group needs to contain special codes
> > > > > referring to the login or group names. The correct
external_acl_type
> > > > > line reads:
> > > > >
> > > > > external_acl_type ldapou %LOGIN
> > > > > /usr/local/squid/libexec/squid_ldap_group -b "dc=xxx,dc=com" -f
> > > > > "(&(uid=%v)(ou=%a))" -h localhost
> > > > >
> > > > > acl ou_testing ldapou Testing
> > > > >
> > > > > These magic codes is documented in the squid_ldap_group
documentation
> > > > > shipped with Squid.
> > > > >
> > > > > Regards
> > > > > Henrik Nordström
> > > >
> > > > __________________________________________________
> > > > Do You Yahoo!?
> > > > Everything you'll ever need on one web page
> > > > from News and Sport to Email and Music Charts
> > > > http://uk.my.yahoo.com
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Everything you'll ever need on one web page
> > from News and Sport to Email and Music Charts
> > http://uk.my.yahoo.com
> >

__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com
Received on Fri Oct 25 2002 - 07:02:17 MDT