[squid-users] Fw: Re: squid_ldap_group with SSL port on 9000 & 8443

From: R. V. Somani <somani@dont-contact.us>
Date: Mon, 30 May 2005 09:23:20 +0530

Dear Henrik,

Request your help to resolve this problem...

Thanks & Regards

R V Somani
---------- Forwarded Message -----------
From: Henrik Nordstrom <hno@squid-cache.org>
To: "R. V. Somani" <somani@ahm.cmc.net.in>
Sent: Sat, 28 May 2005 17:43:51 +0200 (CEST)
Subject: Re: squid_ldap_group with SSL port on 9000 & 8443

Please use the squid-users mailinglist for Squid configuration and usage
questions.

Regards
Henrik

On Sat, 28 May 2005, R. V. Somani wrote:

> Hi all,
>
> We have configured Squid 2.5 STABLE 10 on Redhat ES3.0, tested the basic
> configuration, and it is working fine.
>
> We are unable to access SSL ports 9000 & 8443 when we enable
> squid_ldap_group authentication; we are accessing Oracle apps through ports
> 9000 & 8443. Without any authentication it is working fine.
>
> Following are the relevant squid.conf entries...
>
> 1.
>
> auth_param basic program /usr/lib/squid/squid_ldap_auth -b "o=CMC
> Ahmedabad,c=IN" -D "cn=root,o=CMC Ahmedabad,c=IN" -w ldapserver -f uid=%s -P
> -R -h 172.31.79.2 -p 389
>
> 2.
> external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -b "o=CMC
> Ahmedabad,c=IN" -D "cn=root,o=CMC Ahmedabad,c=IN" -F(uid=%s)
> -f(&(uid=%u)(cn=%g)) -w redhat -h 172.31.79.2 -p 389
>
> 3.
>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 563 8443 9000
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> 4.
> external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -b "o=CMC
> Ahmedabad,c=IN" -D "cn=root,o=CMC Ahmedabad,c=IN" -F(uid=%s)
> -f(&(uid=%u)(cn=%g)) -w ldapserver -h 172.31.79.2 -p 389
>
> 5.
> acl ahmusrs external ldap_group REQUIRED
>
> 6.
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow ahmusrs
>
>
> Request your help to resolve problem.
>
> Thanks & Regards
>
> R V Somani
> ______________________________________________________________________
> E-mail: somani@ahm.cmc.net.in (M): 9825909492
>
------- End of Forwarded Message -------

R V Somani
______________________________________________________________________
CMC Limited,
6th Floor Premier House-I, Plot No. 406/2, Bodakdev,Ahmedabad.
Ph.: 079-26855480,82,83 FAX : 079-26855175 E-mail: somani@ahm.cmc.net.in
(M): 9825909492
Received on Sun May 29 2005 - 21:48:20 MDT
