OK.
authenticator is working fine.
but squid_ldap_group is not blocking according acl's.
my squid.conf:
external_acl_type ldap_group %LOGIN /squid/libexec/squid_ldap_group -h LDAP_SERVER_IP -b "OU=Grupos,DC=mydomain,DC=com" -f "(&(sAMAccountname=%g) (objectClass=group))" -B "CN=Users,DC=mydomain,DC=com" -F "(&(sAMAccountname=%s) (objectClass=person))" -D "AD_domain\lookup" -w lookup
#dn of group: CN=CGI - Rede,OU=Global,OU=Grupos,DC=mydomain,DC=com
acl REDE_GRP external ldap_group CGI\ -\ Rede
# to test group authentication
acl BLOCK_DOMAIN dstdomain .microsoft.com
# block domain .microsoft.com to REDE_GRP group
http_access deny BLOCK_DOMAIN REDE_GRP
but users of group REDE_GRP still access BLOCK_DOMAIN.
when I use external_acl tag from terminal and input LOGIN_NAME GROUP_NAME, squid_ldap_group returns OK.
thanks
> On Fri, 18 Mar 2005, Ytzhak Levy wrote:
>
> > Can I use squid_ldap_group with other user authenticator than
> > squid_auth_ldap ?
>
> Yes.
>
> All squid_ldap_group answers is if the given condition is true in
> your directory, commonly based on the login name but not even this
> is a requirement.
>
> Regards
> Henrik
-- _______________________________________________ Get your free email from http://mymail.bsdmail.com Powered by OutblazeReceived on Fri Mar 18 2005 - 09:33:24 MST
This archive was generated by hypermail pre-2.1.9 : Fri Apr 01 2005 - 12:00:02 MST