[squid-users] squid_ldap_group authentication against Active Directory

From: Keppner, Christoph <keppner@dont-contact.us>
Date: Thu, 18 Dec 2003 21:50:35 +0100

Hi,

I'm trying to restrict access to my squid cache to users of a special group
"ProxyUsers" in Active Directory. I have Debian Testing (Sarge) with
squid-2.5Stable4 installed.

First I tried with the ldap_auth command:

/usr/lib/squid/ldap_auth -b dc=dhc-gmbh,dc=com -R -D keppner@dhc-gmbh.com -w SeCrEt -f sAMAccountName=%s myW2KServer

In this way, when I enter "username password" lines, I get OK or ERR, and
everything is fine. The problem: every valid user with a valid password has
access to the cache.

I read many mailings on this list (and some others too), but I didn't find a
good hint.

I know so far that squid_ldap_group is the right program, but how do I use
it? In a mail from Henrik Nordstrom, there was this description:

> 0. Optionally bind (login) as a dummy user (by DN) if anonymous
> searches are disallowed in the directory (-D+-W arguments)
> 1. Search for the user in the directory (-F argument with the same data
> as -f to squid_ldap_auth)
> 2. Search for the group in the directory and verify that the user is
> a member of the group (-f argument).

What must the -f argument look like?!? In some mails, people talk about some
examples that are shipped with squid and work fine with Active Directory,
but I can't find them. I'm not very familiar with LDAP search strings, so can
somebody give me a hint how the FULL command looks?

Greetings
Christoph
Received on Thu Dec 18 2003 - 13:50:38 MST
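
The two search steps quoted above (find the user, then find the group and check membership), as an added Python example that is not part of the original message and is not squid_ldap_group's code. It runs against a constructed in-memory directory instead of a real LDAP server, skips the optional bind step, and escapes the login per RFC 4515 before substituting it into the `sAMAccountName=%s` filter; the entries, the `member` attribute layout and all function names are assumptions for illustration.

```python
import re

# Constructed sample directory (DN -> attributes); not data from the original post.
BASE = "CN=Users,DC=example,DC=test"
DIRECTORY = {
    "CN=Alice," + BASE: {"sAMAccountName": ["alice"]},
    "CN=Bob," + BASE: {"sAMAccountName": ["bob"]},
    "CN=ProxyUsers," + BASE: {"cn": ["ProxyUsers"], "member": ["CN=Alice," + BASE]},
}

def escape_filter_value(value):
    """Escape RFC 4515 special characters so user input stays a literal value."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def _value_regex(value):
    """Toy matcher: an unescaped '*' is a wildcard, a backslash plus two hex digits is a literal."""
    out = []
    for part in re.split(r"(\*|\\[0-9a-fA-F]{2})", value):
        if part == "*":
            out.append(".*")
        elif re.fullmatch(r"\\[0-9a-fA-F]{2}", part):
            out.append(re.escape(chr(int(part[1:], 16))))
        else:
            out.append(re.escape(part))
    return re.compile("".join(out), re.IGNORECASE | re.DOTALL)

def search(simple_filter):
    """Stand-in for an LDAP search with a single 'attr=value' filter."""
    attr, value = simple_filter.split("=", 1)
    rx = _value_regex(value)
    return [dn for dn, entry in DIRECTORY.items()
            if any(rx.fullmatch(v) for v in entry.get(attr, []))]

def is_member(login, group, user_filter="sAMAccountName=%s"):
    # Step 1: resolve the login to exactly one DN (filter taken from the post).
    users = search(user_filter % escape_filter_value(login))
    if len(users) != 1:
        return False
    # Step 2: find the group entry and check that it lists the user's DN.
    members = {m.lower() for dn in search("cn=" + escape_filter_value(group))
               for m in DIRECTORY[dn].get("member", [])}
    return users[0].lower() in members

if __name__ == "__main__":
    for login in ("alice", "bob", "a*"):
        print(login, "OK" if is_member(login, "ProxyUsers") else "ERR")
```

A valid user outside the group ("bob") gets ERR here, which is the restriction the ldap_auth-only setup above cannot express.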
