I have made the changes you wrote me.
I have taken squid-2.5.STABLE1 together with ldap_auth_group version 2.10.
If the quotes are removed, a syntax error near unexpected token `&'
is received.
There is also no bug in the buglist.
Any idea?
Now squid.conf looks like:
auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b
ou=security,o=nextiraone,c=ch -f
"(&(uid=%s)(objectClass=organizationalPerson))"
auth_param basic children 5
auth_param basic realm "Authentication for Internet Access is required!
Please note that all traffic could me monitored for statistic purposes!"
auth_param basic credentialsttl 2 hours
external_acl_type ldap_group %LOGIN
/usr/local/squid/libexec/squid_ldap_group -b "ou=security,o=nextiraone,c=ch"
-f "(&(cn=%v)(member=uid=%d,*)(objectClass=groupOfNames))"
acl group_Internet external ldap_group Security-Group
http_access allow group_Internet
http_access deny all
With kind regards
Peter Homberger
NextiraOne Schweiz GmbH
Peter Homberger
Consultant Security / NMS
Industriestasse 30, CH-8203 Kloten
Tel: +41 1 815 32 65
Fax: +41 1 813 53 24
mailto:peter.homberger@nextiraone.ch
http://www.nextiraone.ch
-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: Thursday, 6 March 2003 12:33
To: Homberger Peter
Cc: 'squid-users@squid-cache.org'
Subject: Re: [squid-users] Squid_ldap_group
Thu 2003-03-06 at 11:02, Homberger Peter wrote:
> My LDAP Group:
>
> # Security-Group, security, nextiraone, ch
> dn: cn=Security-Group,ou=security,o=nextiraone,c=ch
> objectClass: groupOfNames
> objectClass: groupOfUniqueNames
> cn: Security-Group
> member: cn=FW1-Template,o=nextiraone,c=ch
> member: cn=Homberger Peter,ou=security,o=nextiraone,c=ch
> uniqueMember: uid=phom,ou=security,o=nextiraone,c=ch
>
>
> My User:
>
> # Homberger Peter, security, nextiraone, ch
> dn: cn=Homberger Peter,ou=security,o=nextiraone,c=ch
> objectClass: person
> objectClass: uidObject
> objectClass: organizationalPerson
> cn: Homberger Peter
> sn: Homberger
> uid: phom
> userPassword: **********
>
> My squid.conf
>
> auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -u
> uid -b ou=security,o=nextiraone,c=ch
This is a problem... what you want is something like this:
squid_ldap_auth -b ou=security,o=nextiraone,c=ch -f
(&(uid=%s)(objectClass=organizationalPerson)) -h your.ldap.server
The -u argument is only applicable if the user login name is the last
component of the user DN (cn=Homberger Peter in your case).
> external_acl_type ldap_group %LOGIN
> /usr/local/squid/libexec/squid_ldap_group -b
> "ou=security,o=nextiraone,c=ch" -f
> '(&(cn=%v)(member=uid=%d,*)(objectClass=groupOfNames))'
Looks good, but you might want to upgrade to a later version of
squid_ldap_group to simplify the filter somewhat.. also you probably need
to remove the quotes around the filter specification. See also the known
bugs page..
Regards
Henrik
-- Henrik Nordstrom <hno@squid-cache.org> MARA Systems AB, Sweden
Received on Fri Mar 07 2003 - 02:32:13 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:57 MST
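
The two squid_ldap_auth lookup modes discussed in the reply above, modelled as an added example (not code from the thread or from Squid): with -u the bind DN is built from the login name and the base, with -f the entry is searched for and its real DN is used. The function names and the simplified filter matcher are assumptions made for illustration; the directory entry is constructed from the LDIF quoted in the thread.

```python
import re

# Constructed from the user entry quoted in the thread (password left out).
BASE = "ou=security,o=nextiraone,c=ch"
DIRECTORY = {
    "cn=Homberger Peter,ou=security,o=nextiraone,c=ch": {
        "objectclass": ["person", "uidObject", "organizationalPerson"],
        "cn": ["Homberger Peter"], "sn": ["Homberger"], "uid": ["phom"],
    },
}

def escape_value(value):
    """RFC 4515 escaping, so a login name stays a value inside the filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def unescape_value(value):
    """Reverse of escape_value, used when comparing against stored values."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def dn_from_userattr(login, userattr="uid", base=BASE):
    """-u mode: the bind DN is built as <userattr>=<login>,<base>; no search."""
    return "%s=%s,%s" % (userattr, login, base)

def dn_from_filter(login, template, base=BASE):
    """-f mode: expand %s, search below base, return the DN of the match."""
    flt = template.replace("%s", escape_value(login))
    # Simplified matcher (assumption): a flat AND of equality terms only.
    terms = re.findall(r"\(([^=()&|!]+)=([^()]*)\)", flt)
    for dn, attrs in DIRECTORY.items():
        if not dn.lower().endswith(base.lower()):
            continue
        if terms and all(
            unescape_value(v).lower() in (x.lower() for x in attrs.get(a.lower(), []))
            for a, v in terms
        ):
            return dn
    return None

def can_bind(dn):
    """A simple bind can only succeed if the DN names an existing entry."""
    return dn is not None and dn.lower() in (d.lower() for d in DIRECTORY)

if __name__ == "__main__":
    built = dn_from_userattr("phom")
    found = dn_from_filter("phom", "(&(uid=%s)(objectClass=organizationalPerson))")
    print("-u uid :", built, "-> entry exists:", can_bind(built))
    print("-f     :", found, "-> entry exists:", can_bind(found))
```
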