[squid-users] ldap groupofnames authentication

From: <mbarton2@dont-contact.us>
Date: Fri, 21 Feb 2003 15:48:28 +0800

Hi,
I am using squid-2.5.STABLE1-20030128 and Sun Directory services (LDAP) V3.1

I can authenticate using squid_ldap_auth as follows:

/usr/local/squid/libexec/squid_ldap_auth -h ldap://ldap.some.org.au \
    -b "ou=people,dc=some,dc=org,dc=au,o=Internet" \
    -D "cn=admin,o=Internet" -w "password" -u cn

In ldap I have a "groupofnames"
        cn=proxygrp,ou=groups,dc=some,dc=org,dc=au,o=Internet
which has members like
         cn=user_name,ou=people,dc=some,dc=org,dc=au,o=Internet

The following:

libexec/squid_ldap_group -h ldap://ldap.some.org.au \
    -D "cn=admin,o=Internet" -w "password" \
    -b "ou=groups,dc=some,dc=org,dc=au,o=Internet" \
    -f "member=cn=%v,ou=people,dc=some,dc=org,dc=au,o=Internet" \
    -B "ou=people,dc=some,dc=org,dc=au,o=Internet"

picks up whether a user is a member of the proxygrp or not, but doesn't
authenticate the password. I have tried many variations on the above,
including:

libexec/squid_ldap_group -h ldap://ldap.some.org.au \
    -D "cn=admin,o=Internet" -w "password" \
    -b "ou=groups,dc=some,dc=org,dc=au,o=Internet" \
    -f "member=cn=%v,ou=people,dc=some,dc=org,dc=au,o=Internet" \
    -B "ou=people,dc=some,dc=org,dc=au,o=Internet" -F "cn=%s"

with or without -u cn and variations on the -F argument...

So... how *do* I get squid_ldap_group to check that user_name is a member
of proxygrp *and* authenticate them like I did with squid_ldap_auth?

Any help would be muchly appreciated!

Thanking you in advance
Murray

__________________________________________________
Unix System Administrator, CSC
Ph: 08-9429-6780 Email: mbarton2@csc.com.au

Received on Fri Feb 21 2003 - 00:48:04 MST
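
An added example, not part of the original post: squid_ldap_auth is the helper that verifies the password (wired in through auth_param), while squid_ldap_group is an external ACL helper that only answers group-membership queries, so squid.conf uses both together. Hosts, DNs and helper paths are those in the message; the ACL names, tuning values and the `(cn=%a)` group clause are assumptions.

```conf
# Added example, not the poster's or the Squid project's configuration.
# None of the helper arguments contain whitespace, so they are written
# unquoted (Squid runs helpers directly, not through a shell).

# 1. Authentication: squid_ldap_auth receives "user password" from Squid
#    and checks the password against the directory.
auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -h ldap://ldap.some.org.au -b ou=people,dc=some,dc=org,dc=au,o=Internet -D cn=admin,o=Internet -w password -u cn
auth_param basic children 5
auth_param basic realm Squid proxy
auth_param basic credentialsttl 2 hours

# 2. Authorization: squid_ldap_group receives "user group" (never the
#    password) and answers OK/ERR for membership. %LOGIN passes the name
#    already authenticated by step 1.
#    Assumption: %a is this helper version's placeholder for the group
#    name given on the acl line; (cn=%a) limits the match to that group.
external_acl_type ldap_group %LOGIN /usr/local/squid/libexec/squid_ldap_group -h ldap://ldap.some.org.au -D cn=admin,o=Internet -w password -b ou=groups,dc=some,dc=org,dc=au,o=Internet -f (&(cn=%a)(member=cn=%v,ou=people,dc=some,dc=org,dc=au,o=Internet))

# 3. ACLs: a valid password AND membership of proxygrp are both required.
acl ldap_password proxy_auth REQUIRED
acl in_proxygrp external ldap_group proxygrp

http_access deny !ldap_password
http_access allow in_proxygrp
http_access deny all
```

The bind password appears in squid.conf here just as it does on the command lines in the message, so the file should be readable only by the Squid user and root.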
