Re: [squid-users] Configuration for squid ldap auth

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 8 May 2003 23:23:43 +0200

On Thursday 08 May 2003 22.46, Fernando Maior wrote:

> Do I need any more directives?

Looks fine. But you may want to spend some more time on your
http_access rules to make them more strict.

Standard template:

acl my_networks src ...
acl users proxy_auth REQUIRED
http_access allow my_networks users
http_access deny all

> It is not clear for me if I must include the full path and all
> parameters in the auth_param basic program line. Is it correct to
> have a line like
>
> auth_param basic program /usr/lib/squid/squid_ldap_auth -u cn -b
> "ou=Users,o=DASA" -f "(&(uid=%s)(internetAccess=enabled))" -h
> localhost

Yes.

Note: Quotes are only supported by Squid-2.5.STABLE2 or later, and only
required in squid.conf if you have arguments with space characters in
them.

> Also, man page for squid_ldap_group says it is an external acl
> helper, and the samples show the use of external_acl_type
> directive. Do I need to use that directive for squid_ldap_auth or
> not?

squid_ldap_auth is a basic HTTP authentication helper and is
configured via auth_param.

squid_ldap_group is an external acl helper and is configured via
external_acl_type.

Their function and usage are different. You cannot exchange one for the
other. For both authentication and group authorization you need both
helpers.

> I understand squid_ldap_auth is for authentication against LDAP,
> and squid_ldap_group is only for verifying if the user is a member
> of the group. Am I right?

Yes.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Thu May 08 2003 - 15:23:50 MDT
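
Added example, not part of the original message and not squid_ldap_auth's own code: a small Python sketch of what a basic authentication helper configured via auth_param does with the -f filter quoted above. It assumes the usual basic helper line protocol (URL-encoded "login password" in, OK or ERR out); the check callback and the login "fmaior" are hypothetical stand-ins for a real LDAP search and bind.

```python
import sys
from urllib.parse import unquote

# Filter template taken from the auth_param line quoted in this thread.
FILTER_TEMPLATE = "(&(uid=%s)(internetAccess=enabled))"
# RFC 4515 escapes for characters that would alter the filter's structure.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_filter(login, template=FILTER_TEMPLATE):
    """Substitute the escaped login name for every %s in the template."""
    return template.replace("%s", escape_filter_value(login))

def parse_request(line):
    """Split one helper request line into (login, password).

    Squid sends "login password" with both fields URL-encoded, so a
    space inside either field arrives as %20.
    """
    parts = line.rstrip("\r\n").split(" ")
    if len(parts) != 2 or not parts[0]:
        return None
    return unquote(parts[0]), unquote(parts[1])

def handle_line(line, check):
    """Return the helper reply for one request: "OK" or "ERR".

    check(ldap_filter, password) is a hypothetical callback standing in
    for the LDAP search and bind that a real helper performs.
    """
    request = parse_request(line)
    if request is None:
        return "ERR"
    login, password = request
    if not password:
        # An empty password would become an unauthenticated LDAP bind.
        return "ERR"
    return "OK" if check(build_filter(login), password) else "ERR"

if __name__ == "__main__":
    # Constructed stand-in directory: one enabled user, password "s3cret".
    def demo_check(ldap_filter, password):
        return ldap_filter == build_filter("fmaior") and password == "s3cret"
    for request_line in sys.stdin:
        print(handle_line(request_line, demo_check), flush=True)
```

Run stand-alone, it answers request lines typed on stdin the same way Squid would read them from a helper, which makes it easy to see which logins the filter template accepts before pointing auth_param at a real directory.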
