On Sat, 23 Oct 2004, Eric.chen wrote:
> auth_param basic program /usr/lib/squid/squid_ldap_auth -b "dc=xyz,dc=local" -
> D "CN=ldapgroup,CN=USERS,DC=xyz,DC=local" -w
> "123456" -f "(&(sAMAccountName=%s)(objectClass=Person))" 192.168.0.1
>
> external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -
> b "dc=xyz,dc=local" -D
> "CN=ldapgroup,CN=TEMP,DC=xyz,DC=local" -w "123456" -f "(&(CN=%g)(member=%
> u))" -F "sAMAccountName=%s" 192.168.0.1
For completeness the -F argument to squid_ldap_group should match the -f
argument to squid_ldap_auth..
> acl ulocal proxy_auth REQUIRED
You don't need this acl if you are using groups..
> acl uldap_group external ldap_group internet
> http_access allow uldap_group
Looks fine to me.
What does the other http_access rules look like?
Regards
Henrik
Received on Sat Oct 23 2004 - 14:28:08 MDT
This archive was generated by hypermail pre-2.1.9 : Mon Nov 01 2004 - 12:00:02 MST