[squid-users] ldap

From: Tomas Palfi <tpalfi@dont-contact.us>
Date: Tue, 18 Mar 2003 14:34:01 -0000

To all,

I followed Henrick's replies to Mr Peter Homberger at Nextiraone from 7 March 2003, which helped me a lot, but I still have some unresolved issues!

I've got squid_ldap_auth working with these arguments (that's from a command line):

./squid_ldap_auth -u cn -b ou="Focus Group",ou="Retail Users",ou=Sales,dc=proton,dc=phoenix,dc=co,dc=uk ldapserver

This works fine even with the nested OUs within the parent directory; however, it doesn't check for any valid groups!!
When trying to implement a similar scenario as in Peter's mail, I cannot authenticate anyone at all (note: quotes used for command line tests only):

./squid_ldap_auth -b ou="Focus Group",ou="Retail Users",ou=Sales,dc=proton,dc=phoenix,dc=co,dc=uk -f "(&(uid=%s)(objectClass=organizationalPerson))" -h ldapserver

The external helper is as follows:

The group which all Internet users are members of is "Access". At what point do I enter the group into this command line option to test it??

external_acl_type access %LOGIN /data/test/libexec/squid_ldap_group -b ou='Focus Group',ou='Retail Users',ou=Sales,dc=proton,dc=phoenix,dc=co,dc=uk -f (&(cn=%g)(member=%u)(objectClass=groupOfNames)) -F (&(uid=%s)(objectClass=organizationalPerson)) -h ldapserver

ACL lines are fine!

An example object I am trying to authenticate from the Active Directory is a simple user set as "test" with the group Access. There are no policies implemented on this object, and the fully qualified name of the object as taken from Active Directory is:

proton.phoenix.co.uk/Sales/Retail Users/Focus Group/test
        
What I would like to achieve is that individual users in the Active Directory would be members of a group that would give them full access to the Internet, otherwise deny all the rest of the users. Is there something that I am completely missing from the configuration!! When contacting the external LDAP server, do I need to configure any other files on the Squid installation?
----------------------------
using squid-2.5STABLE1
all compiled on Solaris 5.7

--
tp
Received on Tue Mar 18 2003 - 07:35:45 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:14:07 MST
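
The filters in the post above, expanded for the `test` user and the `Access` group, as an added example that is not part of the original post and is not Squid's helper code. It assumes `%u` receives the user's DN found through the `-F` filter; the DN for `test` is constructed from the canonical name in the post (the `cn=test` RDN is an assumption), and values are escaped as RFC 4515 requires so that filter metacharacters in a login or group name match literally.

```python
# Added example: models placeholder expansion for the filters in the post.
# This is not Squid's helper code.

USER_FILTER = "(&(uid=%s)(objectClass=organizationalPerson))"       # -F value
GROUP_FILTER = "(&(cn=%g)(member=%u)(objectClass=groupOfNames))"    # -f value

# Constructed from the canonical name in the post; the cn=test RDN is assumed.
TEST_DN = ("cn=test,ou=Focus Group,ou=Retail Users,ou=Sales,"
           "dc=proton,dc=phoenix,dc=co,dc=uk")

# Characters that RFC 4515 requires to be escaped inside a filter value.
_SPECIAL = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}


def escape_filter_value(value):
    """Return value with LDAP filter metacharacters hex-escaped."""
    return "".join(_SPECIAL.get(ch, ch) for ch in value)


def expand(template, values):
    """Replace each %x placeholder with its escaped value; reject unknown ones."""
    out, i = [], 0
    while i < len(template):
        ch = template[i]
        if ch == "%" and i + 1 < len(template):
            key = template[i + 1]
            if key not in values:
                raise ValueError("unknown placeholder %" + key)
            out.append(escape_filter_value(values[key]))
            i += 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def user_search_filter(login):
    """Filter used to locate the user's entry from the login name (%s)."""
    return expand(USER_FILTER, {"s": login})


def group_search_filter(user_dn, group):
    """Filter used to test membership: %g is the group, %u the user's DN."""
    return expand(GROUP_FILTER, {"u": user_dn, "g": group})


if __name__ == "__main__":
    print(user_search_filter("test"))
    print(group_search_filter(TEST_DN, "Access"))
    print(user_search_filter("te(st)*"))  # constructed login with metacharacters
```

Running each printed filter through a directory search tool against the same base DN shows which of the two lookups returns no entry.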