Re: [squid-users] authenticate_ttl not working

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 10 Dec 2002 10:09:46 +0100

On Tuesday 10 December 2002 04.22, Lee, Jason wrote:
> Is this still querying the LDAP server for username/password
> because we are using specifically the squid_ldap_group external
> helper, or will it prompt for a password for all external helpers.
> In our case we will be writing a custom helper to check a database
> for a quota.

It will prompt for a password due to %LOGIN in the external_acl_type
specification.

The actual login is managed according to your auth_param settings.

Both proxy_auth and external_acl_type with %LOGIN require the login
to have completed before the ACL can be verified.

> I am trying
>
> acl group external ldap_group "Domain Users" , but get the error
> message
>
> 2002/12/10 13:20:21| strtokFile: Domain not found

You currently cannot specify groups with spaces in them. A limitation
of the squid.conf format. See the known bugs page.

> I am also not sure if I am using the correct filter
>
> -f (&(samaccountname=%v)(group=%a))
>
> I am guessing it is passing samaccountname from LDAP, but what
> should group be?

This depends on the structure of your LDAP server.

However, the above filter only makes sense for authentication, not
group memberships.

I would recommend starting to play a little with ldapsearch until you
have found a suitable search filter that allows you to query if a
specific user is a member of a specific group. The filter should
include both the group name and the user name (either by login or
full DN).

Based on the above filter I assume you are using the samaccountname as
login name, not the main attribute of the user's DN. Then you MUST
upgrade your ldap group helper. The upgraded version is available in
current Squid-2.5 snapshots or as a patch from the known bugs page.

Usually filters to the "old" squid_ldap_group helper look something
like

  -f '(&(member=cn=%v,*)(cn=%a))'

Or to the new helper

  -F [same as -f to squid_ldap_auth] -f '(&(member=%u)(dn=%g))'

Regards
Henrik
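As an added illustration (not part of the original reply) of how the pieces above fit together in squid.conf: auth_param does the login, %LOGIN on the external_acl_type forces that login to complete first, and the new-style squid_ldap_group takes the user filter via -F and the membership filter via -f. The host name, base DN, helper paths and group DN are assumed placeholders; the filter strings are the ones given in the reply.

```conf
# Login itself is handled by auth_param (placeholder host and base DN).
# credentialsttl is the Squid-2.5 replacement for authenticate_ttl.
auth_param basic program /usr/lib/squid/squid_ldap_auth -b "dc=example,dc=com" -h ldap.example.com -f "(samaccountname=%s)"
auth_param basic children 5
auth_param basic realm Example proxy
auth_param basic credentialsttl 2 hours

# %LOGIN makes Squid require a completed login before this ACL is checked.
# New-style squid_ldap_group: -F is the same user filter as -f above,
# -f is the group-membership filter (%u = the user, %g = the group).
external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -b "dc=example,dc=com" -h ldap.example.com -F "(samaccountname=%s)" -f "(&(member=%u)(dn=%g))"

# Group names with spaces cannot be written in squid.conf, so name the
# group by a space-free identifier (here an assumed placeholder DN).
acl proxyusers external ldap_group cn=ProxyUsers,ou=Groups,dc=example,dc=com
http_access allow proxyusers
http_access deny all
```

Test the -F and -f filters with ldapsearch against the real directory first; if the login attribute is not the first component of the user's DN, only the upgraded helper (with -F) will resolve %u correctly.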
Received on Tue Dec 10 2002 - 02:09:49 MST