Re: [squid-users] Re: squid_ldap_group authorisation of 2000 AD Groups

From: Oliver Hookins <ohookins@dont-contact.us>
Date: Mon, 06 Dec 2004 09:43:43 +1100

Serassio Guido wrote:
> Hi,
>
> At 13.47 05/12/2004, Kinkie wrote:
>
>> On Fri, 2004-12-03 at 00:14, Adam Aube wrote:
>>
>> > There is support for NTLM (aka Windows Integrated Authentication),
>> but it
>> > has some limitations:
>> >
>> > 1) It only fully works with IE
>>
>> AFAIK Mozilla Firefox supports it, both on MSWindows and on
>> Non-MSWindows platforms. Of course, on Firefox it is (rightfully so if
>> you ask me) non-transparent.
>
>
> On Windows latest Firefox seems to works transparently using logged-in
> user credentials like IE.
>
>> > 2) NTLM-over-HTTP is horribly broken - see the list archives for
>> details
>>
>> I can testimony to that.
>
>
> Me too ... :-)
>
> Regards
>
> Guido

Hmmm... this doesn't bode well for what I am trying to do. However it is
working at the moment. My only problem is that the users to be
authenticated/authorised are in different OUs. How can I get
squid_ldap_group to work with users in different OUs?

I set the Base DN to be at the level in the tree below the OUs but I
don't think the search filter can construct the user DN from the base DN
and the filter. Any advice?

Regards,
Oliver
Received on Sun Dec 05 2004 - 15:43:48 MST

This archive was generated by hypermail pre-2.1.9 : Sat Jan 01 2005 - 12:00:01 MST