> I am still having trouble getting squid to authenticate based on ldap group
> membership and user password. Here is what I have:
> [...]
Looks okay. Can you do the external_acl_type call manually and enter
"username group<enter>" and get an "OK" when you expect it?
> acl localusers proxy_auth REQUIRED
> acl proxy_users external ldap_group proxygrp
> http_access deny !proxy_users
> http_access allow localusers
>
> In this configuration entering a username which is in the proxygrp in LDAP
> gets access even if the password is wrong, if I swap the http_access rules
> around then a username given with the right password will get access even
> if they are not a member of the proxygrp, removing the deny ! proxy_users
> line also results in the proxygrp not being checked.
>
> How do I get the equivalent of "http_access allow if localusers *and*
> proxy_users"?
We just had this question on another thread. If you want to 'and' two
ACLs you write them in one line like in
"http_access allow localusers proxy_users".
Christoph
-- ~ ~ ".signature" [Modified] 3 lines --100%-- 3,41 AllReceived on Thu Feb 27 2003 - 05:13:20 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:44 MST