RE: [squid-users] squid proxy for W2K active directory users

From: Prasanta kumar Panda <prasanta.kumar@dont-contact.us>
Date: Thu, 6 Feb 2003 15:48:46 +0530

Hi Jack

For group ldap

1) Find the ldapsearch command to give a "true" condition for your AD
groups i.e. the -f condition for squid_ldap_group

For AD most probably
"(&(cn=%a)(member=uid=%v,*)(objectclass=group))"

2) Create acl criteria for each group

acl group1 external ldapou group_in_ad_1
acl group2 external ldapou group_in_ad_2

3) use them in http_access

http_access allow group1
http_access allow group2

Reg.
Prasanta

 

-----Original Message-----
From: Jack [mailto:sa_jill@yahoo.co.uk]
Sent: Thursday, February 06, 2003 3:25 PM
To: Henrik Nordstrom
Cc: Squid Users
Subject: Re: [squid-users] squid proxy for W2K active directory users

Hello Henrik,

Thanks, it's working fine now.

Can I use squid_ldap_group for group authentication?

I set the filter as cn=%a

but I am not sure that my configuration is correct.

My squid.conf related to authentication:
auth_param basic program /usr/local/squid25S1/libexec/squid_ldap_auth -u cn -b cn=Users,dc=test,dc=local -h 172.16.1.251
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

external_acl_type ldapou %LOGIN /usr/local/squid25S1/libexec/squid_ldap_group -b "cn=Users,dc=test,dc=local" -f "(cn=%a)" -h 172.16.1.251
acl ou_testing external ldapou sqldap

acl url1 dstdomain .yahoo.com
http_access allow ou_testing url1
http_access deny all

When I browse www.yahoo.com I am getting an access denied page.

Thanks and Regards,
Jack

> In the documentation to the LDAP helpers, shipped with Squid..
>
> Regards
> Henrik
>
>
> On Wed 2003-02-05 at 10.46, Jack wrote:
> > Hello Henrik,
> >
> > Thanks, I like to use LDAP but I did not get the schema to support
> > it.
> >
> > Can you suggest a link where I can find more information on LDAP-W2K
> > active directory
> >
> > Regards,
> > Jack
> >
> > > Jack wrote:
> > >
> > > > Is it possible to use W2K native mode active directory for
> > > > authenticating proxy users.
> > >
> > > Yes.
> > >
> > > You can use either LDAP (always works) or winbind (requires that
> > > support for NTLM is enabled in your AD, is by default)
> > >
> > > Regards
> > > Henrik
> >
> --
> Henrik Nordstrom <hno@squid-cache.org>
> MARA Systems AB, Sweden


Received on Thu Feb 06 2003 - 03:18:58 MST
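
An added example (not part of the thread, and not Squid's own code): how a group helper expands the -f template for each "<login> <group>" request line and answers OK or ERR, run over a constructed directory to compare a filter that names only the group with one that also names the user. The directory entries, the membership filter, the RFC 4515 escaping and the evaluator (which supports only (&...) and attr=value) are assumptions of this example.

```python
import re

# Constructed sample directory (not from the thread): one group, two users.
DIRECTORY = [
    {"objectclass": ["group"], "cn": ["sqldap"],
     "member": ["cn=alice,cn=Users,dc=test,dc=local"]},
    {"objectclass": ["user"], "cn": ["alice"]},
    {"objectclass": ["user"], "cn": ["bob"]},
]
NAME_ONLY = "(cn=%a)"  # the -f value from the quoted squid.conf
# Assumed filter for this example: ties the login (%v) to the group (%a).
MEMBERSHIP = "(&(objectclass=group)(cn=%a)(member=cn=%v,cn=Users,dc=test,dc=local))"

def ldap_escape(value):
    """RFC 4515 escaping, so a login or group name cannot alter the filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def expand(template, user, group):
    """Single-pass substitution of %v (login) and %a (group name)."""
    values = {"v": user, "a": group}
    return re.sub(r"%([va])", lambda m: ldap_escape(values[m.group(1)]), template)

def split_filters(text):
    """Split '(a=b)(c=d)' into its top-level parenthesised filters."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(text):
        if ch == "(":
            start, depth = (i if depth == 0 else start), depth + 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                parts.append(text[start:i + 1])
    return parts

def matches(filt, entry):
    """Evaluate (&...) and (attr=value) only; a raw '*' is a wildcard."""
    inner = filt[1:-1]
    if inner.startswith("&"):
        return all(matches(f, entry) for f in split_filters(inner[1:]))
    attr, _, pattern = inner.partition("=")
    unesc = lambda s: re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s)
    regex = ".*".join(re.escape(unesc(p)) for p in pattern.split("*"))
    return any(re.fullmatch(regex, v, re.I | re.S) for v in entry.get(attr.lower(), []))

def helper_reply(line, template, directory=DIRECTORY):
    """Answer one '<login> <group>...' request line with OK or ERR."""
    user, *groups = line.split()
    hit = any(matches(expand(template, user, g), e) for g in groups for e in directory)
    return "OK" if hit else "ERR"
```

With the name-only filter the reply depends only on whether an entry with that cn exists, so in this constructed directory bob (not a member) gets the same OK as alice; the membership filter returns ERR for him.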
