Re: [squid-users] Syntax Correct group_ldap_auth ?

From: ROUTIER Gilles <gilles.routier@dont-contact.us>
Date: Thu, 07 Nov 2002 16:16:35 +0100

Thanks Henrik.

My browser does indeed ask me for authentication, but it sends me back "access denied"
even though I do belong to the Internet group.

A question, Henrik:
Where do I define the name of the group in which to do the search?
I want only the users belonging to the internet group to have access to the proxy.

My squid.conf:
auth_param basic program /usr/lib/squid/squid_ldap_auth -u uid -b ou=public,ou=cicoa,o=cnamts,c=fr -h hermes1.cicoa.cnamts.fr -p 389
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

external_acl_type ldapou %LOGIN /usr/lib/squid/group_ldap_auth -b "ou=public,ou=cicoa,o=cnamts,c=fr" -f "(&(cn=%v)(member=uid=%d,*)(objectClass=groupOfNames))" -h hermes1.cicoa.cnamts.fr -p 389

acl ou_Testing external ldapou GR-I-CICOA
http_access allow ou_Testing
http_access deny all

INFO: The real name of the group in my LDAP DB is GR-I-CICOA

THANKS FOR ALL HENRIK !

Henrik Nordstrom wrote:

> On Thu 2002-11-07 at 14.39, ROUTIER Gilles wrote:
>
> > I would like to use group_ldap_auth.
> > I have a group named INTERNET, and I want only the people in this
> > group to be able to reach the proxy.
> > But I do not know where to specify the name of the group.
> > Can you tell me if the syntax is correct?
>
> It depends on what your LDAP group objects look like.
>
> > external_acl_type ldapou %LOGIN /usr/lib/squid/group_ldap_auth -b "ou=public,ou=cicoa,o=cnamts,c=fr" -f "(&(cn=INTERNET)(uid=%v)(ou=%a))" -h hermes1.cicoa.cnamts.fr -p 389
>
> Your filter does not look right. "(&(cn=%v)(uid=%v))" might work, but
> more likely the group filter you are after looks something like
> "(&(cn=%v)(member=uid=%d,*)(objectClass=groupOfNames))".
>
> What is the output of
>
> ldapsearch -x -b "ou=public,ou=cicoa,o=cnamts,c=fr" cn=INTERNET
>
> Regards
> Henrik Nordström
> MARA Systems AB, Sweden
Received on Thu Nov 07 2002 - 08:47:07 MST
