Re: [squid-users] ldap_auth & ldap_group question

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 10 Dec 2003 12:03:05 +0100 (CET)

On Wed, 10 Dec 2003, Geir Fossum wrote:

> I want to authenticate users in a group (MS AD) for internet access.
>
> Must I have the squid_ldap_auth _and_ squid_ldap_group configured in
> squid.conf to accomplish my goal?

Yes. The first authenticates the user by verifying his password.

The second authorizes the user by verifying that he belongs to the
required groups.

But if it only is a single access level you want to provide then it MAY
be possible to get by with only using the squid_ldap_auth helper and
constructing a search filter matching only users who have attributes
indicating they are members of the required group. But I would recommend
using both helpers.

> I thought I could test the squid_ldap_group helper to get the parameters
> correct before I configure the squid.conf.

You can. The squid_ldap_group helper simply expects

username groupname

as input and will return OK if everything is correct.

Note: if either contains spaces then you need to use quotes

"username" "groupname"

Similarly, the squid_ldap_auth helper simply expects

username password

as input and will also return OK if the login is correct. But here you
need to URL encode the data if there are spaces or % characters in the
login or password.

Regards
Henrik
Received on Wed Dec 10 2003 - 04:03:20 MST
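
The two input formats described in the message above, as an added example that is not part of the original post and is not Squid code: a small Python script that builds the test lines for each helper and feeds them to a helper on stdin. The function names, the rejection of embedded quotes and line breaks, and the sample user and group names are assumptions made for illustration; the helper's own command-line options are site-specific and are passed in by the caller.

```python
"""Build and send test lines for the Squid LDAP helpers (added example)."""
import subprocess
from urllib.parse import quote


def _check(value: str) -> str:
    # One request per line: an embedded line break would end the request
    # early and start a second one, so refuse it outright.
    if not value or any(c in value for c in "\r\n\0"):
        raise ValueError("empty field or line break/NUL in field")
    return value


def auth_line(username: str, password: str) -> str:
    """Line for squid_ldap_auth: 'username password', URL encoded."""
    # quote() always encodes ' ' and '%'; safe="" also encodes '/'.
    # Assumption: the helper decodes every %XX escape, so encoding more
    # than spaces and '%' is harmless. Non-ASCII is sent as UTF-8 bytes.
    return f"{quote(_check(username), safe='')} {quote(_check(password), safe='')}"


def group_line(username: str, groupname: str) -> str:
    """Line for squid_ldap_group: 'username groupname', quoted if needed."""
    fields = [_check(username), _check(groupname)]
    for f in fields:
        # The mail does not say how to escape these inside quotes, so this
        # sketch rejects them instead of guessing.
        if '"' in f or "\\" in f:
            raise ValueError("quote or backslash in field is not handled")
    if any(c.isspace() for f in fields for c in f):
        fields = [f'"{f}"' for f in fields]
    return " ".join(fields)


def ask_helper(argv: list[str], lines: list[str]) -> list[bool]:
    """Feed lines to a helper on stdin; True where the reply starts with OK.

    argv is the helper command with your own site options (not shown here).
    """
    out = subprocess.run(argv, input="".join(l + "\n" for l in lines),
                         capture_output=True, text=True, timeout=30)
    replies = out.stdout.splitlines()
    if len(replies) != len(lines):
        raise RuntimeError("helper did not answer every request")
    return [r.split(" ", 1)[0] == "OK" for r in replies]


if __name__ == "__main__":
    # Constructed sample values, not taken from the mail.
    print(auth_line("jane doe", "p%ss word"))
    print(group_line("jdoe", "Internet Users"))
```

Sending the password on the helper's stdin, as `ask_helper` does, keeps it out of the process argument list while testing.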
