Re: [squid-users] AD auth with squid 2.5

In message <1043864406.13381.75.camel@henrik.marasystems.com>
          Henrik Nordstrom <hno@squid-cache.org> wrote:
> ons 2003-01-29 klockan 18.46 skrev Daniel Barron:
> > I have compiled squid 2.5 with the external acl group ldap support and
> > installed it on a clean redhat 8 with no previous squid. By default the
> > openldap libraries were installed.
> >
> > What happens is I just get cache access denied must authorise without
> > asking for a user/pass.
> >
> > I get no errors in syslog.
> >
> > squid access.log:
> >
> > 1043860359.309 55 192.168.254.2 TCP_DENIED/407 1679 GET http://acorn.cybervillage.co.uk/ - NONE/- text/html
> >
> > squid.conf:
> >
> > external_acl_type ldap_auth %LOGIN /usr/local/squid/libexec/group_ldap_auth -b "dc=jadeb,dc=com" -h 192.168.254.23 -g distinguishedName -u cn -S
> >
> > acl ldap_webaccess external ldap_auth CN=WebAccess,OU=Groups,dc=jadeb,dc=com
> >
> > http_access allow ldap_webaccess
> >
> >
> > There is surely something obvious wrong here. I have followed the info
> > in the man page for the group_ldap_auth and tied it with info on this
> > page:
> >
> > http://group-ldap-auth.sourceforge.net/
> >
> > So its a bit of a guess.
> >
> > Whats wrong? Do I need the other basic_auth LDAP helper as well?

> You are mixing two unrelated threads.
>
> group_ldap_auth is an earlier patch for Squid-2.4. It is not related to
> the external_acl feature of Suqid-2.5 (as used for group membership
> lookups).
>

Yes I understand they are different.

>
> For information on how to configure Squid-2.5 see the documentation of
> squid_ldap_auth and squid_ldap_group, both shipped with the Squid
> sources.

I have the squid 2.5S1 source and can only find a squid_ldap_group helpers
dir. It contains only a man file which is also the only documentation I
can find at the below url.

>
> The current version of squid_ldap_group can also be found including
> documentation at http://marasystems.com/download/LDAP_Group/

I followed the docs to write the acl lines and after checking again they
look correct. But squid is not prompting for a user/pass as I would expect.

Whats wrong with what I've done? What do I need to do to get squid to
prompt for the user/pass?

-- 
Daniel Barron
(Visit http://dansguardian.org/ - True web content filtering for all)