Re: [squid-users] Authentification against DominoNotes LDAP

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 03 Apr 2003 16:06:15 +0200

Which Squid version are you using? (2.5.STABLE2 required)

What are the exact contents of your LDAP group again? (my memory is
short..)

Does the -f filter specification to squid_ldap_group work when you use
ldapsearch manually?

Try changing the -F argument to exactly the same as used for -f in
squid_ldap_auth.

CAS_NU_Internetuser in your -f argument should be %g for the group name,
but this is another issue not related to your problems..

Regards
Henrik

On Thu 2003-04-03 at 15:29, Stefan.Vogel@temic.com wrote:
> Hello again,
>
> I have now set up my squid.conf like this
>
> =====================================START
> .....
> external_acl_type inetusers %LOGIN
> /usr/local/squid/libexec/squid_ldap_group -b "o=cag" -f "
> (&(cn=CAS_NU_Internetuser)(objectClass=groupOfNames)(member=%u))" -F "
> (&(uid=%s)(objectClass=Person))" 172.25.0.19
> ...
> acl ldap_password proxy_auth required
> acl inet_users external inetusers CAS_NU_Internetuser
> ...
> auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b
> "o=cag" -f uid=%s 172.25.0.19
> ...
> http_access allow inet_users
> http_access deny all
> ...
> =====================================END
>
> but it does not work. (no one can access, not users in the group, and not
> users that are not in the group)
> When changing the last line to ALLOW ALL, everyone can access, even if not
> in the group.
>
>
> Without group-checking it worked fine with this
> =====================================START
> .....
> acl ldap_password proxy_auth required
> ...
> auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b
> "o=cag" -f uid=%s 172.25.0.19
> ...
> http_access allow ldap_password
> http_access allow all
> ...
> =====================================END
> (what I don't understand is, that I have to put the last ALLOW ALL, to make
> it work. With this only authenticated users can access, others don't. With
> DENY ALL no one can access.)
>
>
> Any suggestions, what is my fault?
>
> Regards
> Stefan

Received on Thu Apr 03 2003 - 07:06:22 MST
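
The manual ldapsearch check asked about in the reply above, as an added example that is not part of the original thread or of Squid: it expands the -F and -f templates from the posted configuration (with -F set to the squid_ldap_auth filter and %g in place of the hard-coded group, as the reply suggests) and builds the two equivalent ldapsearch command lines. Assumptions: the helper first resolves the login to a DN with -F and substitutes that DN for %u; OpenLDAP's ldapsearch client is used; the login `svogel` and the DN are constructed sample values; the RFC 4515 escaping is this example's own, so that an odd login cannot change the shape of the filter being tested.

```python
import shlex

# RFC 4515: characters that must be escaped inside an LDAP filter value.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    return "".join(_ESC.get(ch, ch) for ch in value)

def expand(template, values):
    """Expand %x placeholders in a filter template; %% is a literal percent."""
    out, i = [], 0
    while i < len(template):
        ch = template[i]
        if ch == "%" and i + 1 < len(template):
            key = template[i + 1]
            if key == "%":
                out.append("%")
            elif key in values:
                out.append(escape_filter_value(values[key]))
            else:
                raise ValueError("unknown placeholder %" + key)
            i += 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)

def ldapsearch_argv(host, base, ldap_filter):
    # "1.1" requests no attributes, so only the matching DNs are printed.
    return ["ldapsearch", "-x", "-H", "ldap://" + host,
            "-b", base, ldap_filter, "1.1"]

def manual_checks(host, base, user_tmpl, group_tmpl, login, group, user_dn):
    """Return [user lookup, group membership lookup] as ldapsearch argv lists."""
    user_filter = expand(user_tmpl, {"s": login})                  # -F step
    group_filter = expand(group_tmpl, {"u": user_dn, "g": group})  # -f step
    return [ldapsearch_argv(host, base, user_filter),
            ldapsearch_argv(host, base, group_filter)]

if __name__ == "__main__":
    # Host, base and group come from the posted squid.conf;
    # the login and the user DN are constructed sample values.
    for argv in manual_checks(
            "172.25.0.19", "o=cag", "uid=%s",
            "(&(cn=%g)(objectClass=groupOfNames)(member=%u))",
            "svogel", "CAS_NU_Internetuser", "cn=Stefan Vogel,o=cag"):
        print(shlex.join(argv))
```

The first command should return exactly one entry; put its DN into the second. If the second returns nothing for a user who is in the group, the group filter does not match how the directory stores members.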
