Re: [squid-users] ldap groupofnames authentication

From: <mbarton2@dont-contact.us>
Date: Fri, 21 Feb 2003 17:16:01 +0800

Thanks for the quick response... I think you are going to need to be
patient with me a little longer though...

If I have ACLs like
        acl localusers proxy_auth REQUIRED
        acl proxy_users external ldap_group proxygrp

the rules for http_access "compete" with each other:
        http_access deny !proxy_users
        http_access allow localusers

Which bit of the puzzle am I still missing?

Thanks & regards
Murray

__________________________________________________
Unix System Administrator, CSC
Ph: 08-9429-6780 Email: mbarton2@csc.com.au


Henrik Nordstrom <hno@squid-cache.org>
21/02/2003 04:21 PM

 
        To: mbarton2@csc.com.au, squid-users@squid-cache.org
        cc:
        Subject: Re: [squid-users] ldap groupofnames authentication

On Friday 21 February 2003 08.48, mbarton2@csc.com.au wrote:

> So... how *do* I get squid_ldap_group to check that user_name is a
> member of proxygrp *and* authenticate them like I did with
> squid_ldap_auth?

You make use of both.

squid_ldap_auth in the "auth_param basic .." directive,
squid_ldap_group in the "external_acl_type ..." directive.

Then they will automatically cooperate to first authenticate the
users login+password, and then authorize the user based on his group
memberships.

Regards
Henrik
Received on Fri Feb 21 2003 - 02:16:13 MST
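
Added example, not part of either message and not taken from the Squid project: a squid.conf fragment that wires both helpers together the way the reply describes, with the ACLs and http_access lines from the question. The helper paths, LDAP host name and base DNs are placeholders, and the search filters assume users are found by `uid` and the group is a groupOfNames entry.

```conf
# Added example; host name, DNs and helper paths are placeholders.

# Step 1: authentication. squid_ldap_auth checks the login and password
# supplied by the browser against the directory.
auth_param basic program /usr/lib/squid/squid_ldap_auth -b "ou=people,dc=example,dc=com" -f "uid=%s" -h ldap.example.com
auth_param basic children 5
auth_param basic realm Squid proxy
auth_param basic credentialsttl 2 hours

# Step 2: authorization. %LOGIN hands the authenticated user name to
# squid_ldap_group. groupOfNames stores members as full DNs, so -B/-F
# first resolve the login to its DN (%v), which is then matched against
# "member" in the group named by the ACL argument (%a).
external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -b "ou=groups,dc=example,dc=com" -B "ou=people,dc=example,dc=com" -F "uid=%s" -f "(&(objectClass=groupOfNames)(cn=%a)(member=%v))" -h ldap.example.com

# ACLs from the question.
acl localusers proxy_auth REQUIRED
acl proxy_users external ldap_group proxygrp

# http_access lines are checked top to bottom and the first match decides.
# Users outside proxygrp are denied first; authenticated members are then
# allowed; everything else is denied explicitly.
http_access deny !proxy_users
http_access allow localusers
http_access deny all
```

Basic authentication sends the password to the proxy base64-encoded, not encrypted, so this setup relies on the network path between client and proxy being trusted.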
