[squid-users] squid_ldap_group: no login prompt but able to authenticate group from command line

From: Yong Bong Fong <bfyong@dont-contact.us>
Date: Thu, 09 Dec 2004 16:24:21 +0800

Dear all,

   I am trying to set up squid_ldap_group. It successfully authenticated
from the command line, but when I used a browser there is no login prompt
coming up for the group authentication.

Below is my configuration that worked from the command line:
/usr/lib/squid/squid_ldap_group -b "ou=chicken,
cn=apple,dc=xinxin,dc=com,dc=my" -f
"(&(dnmember=%u)(cn=%g)(objectclass=qmailGroup))" -B "ou=chicken,
cn=apple,dc=xinxin,dc=com,dc=my" -F "uid=%s" -D
"cn=ali,ou=chicken,cn=apple,dc=xinxin,dc=com,dc=my" -w xxxxx -h
191.111.111.111

This worked, and gave me OK after I typed in my username and group.

Below is the squid.conf:
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hour
auth_param basic program /usr/lib/squid/squid_ldap_auth -b
"cn=apple,dc=xinxin,dc=com,dc=my" -D
"cn=ali,ou=chicken,cn=apple,dc=xinxin,dc=com,dc=my" -w xxxxx -f "uid=%s"
-h 190.111.111.111

external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -b
"cn=apple,dc=xinxin,dc=com,dc=my" -f
"(&(dnmember=%v)(uid=%a)(objectClass=qmailGroup))" -B
"cn=apple,dc=xinxin,dc=com,dc=my" -F "uid=%s" -D
"cn=ali,ou=chicken,cn=apple,dc=xinxin,dc=com,dc=my" -w xxxxx -h
190.111.111.111

acl authenticated proxy_auth REQUIRED
acl ldap_group-internet external ldap_group internet
acl phoenixtv dstdomain phoenixtv.com

http_access allow authenticated
http_access deny phoenixtv !ldap_group-mis

When I tried to access phoenixtv.com, no login prompt came up to
authenticate my username and group. I read that Henrik mentioned before that
"acl authenticated proxy_auth REQUIRED" and "http_access allow
authenticated" are not necessary, but upon removing those lines there
is no longer any authentication login prompt to access normal sites.

Has anyone had a similar problem? Please help.

Thanks in advance

Regards
Yong
Received on Thu Dec 09 2004 - 01:20:23 MST
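
Added example, not part of the original post and not Squid code: a small model of Squid's first-match http_access evaluation, run over the acl and http_access lines quoted above, that also lists ACL names used in a rule but never declared. The `facts` map (which ACLs match a given request) is a hypothetical input supplied by the caller.

```python
# Constructed sample: the acl / http_access lines quoted in the post above.
CONF = """\
acl authenticated proxy_auth REQUIRED
acl ldap_group-internet external ldap_group internet
acl phoenixtv dstdomain phoenixtv.com
http_access allow authenticated
http_access deny phoenixtv !ldap_group-mis
"""

def parse(conf):
    """Return (defined ACL names, ordered http_access rules)."""
    acls, rules = set(), []
    for line in conf.splitlines():
        tok = line.split()
        if len(tok) >= 2 and tok[0] == "acl":
            acls.add(tok[1])
        elif len(tok) >= 2 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def undefined_acls(acls, rules):
    """ACL names used in http_access but never declared with an acl line."""
    used = {term.lstrip("!") for _, terms in rules for term in terms}
    return sorted(used - acls)

def decide(rules, facts):
    """First match wins: return (rule index, action) for one request.

    facts is a hypothetical map of ACL name -> whether it matches the request.
    """
    if not rules:
        return None, None  # no rules at all: not modelled here
    for i, (action, terms) in enumerate(rules):
        # A plain term must match; a term prefixed with "!" must not match.
        if all(facts.get(t.lstrip("!"), False) != t.startswith("!") for t in terms):
            return i, action
    # No rule matched: Squid applies the opposite of the last rule's action.
    return None, "deny" if rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    acls, rules = parse(CONF)
    # Logged-in user, not in the group, requesting phoenixtv.com.
    req = {"authenticated": True, "phoenixtv": True, "ldap_group-mis": False}
    print("undefined ACLs:", undefined_acls(acls, rules))
    print("rules as posted:", decide(rules, req))
    print("deny rule first:", decide(rules[::-1], req))
```

With the rules in the posted order the request is decided by the first http_access line, so the second line and its group ACL are never evaluated for a logged-in user.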
