Re: [squid-users] squid ldap group authentication

From: CsY <csy@dont-contact.us>
Date: Mon, 05 Dec 2005 16:30:17 +0100

I tried these configs, but they aren't working.
auth_param basic program /usr/lib/squid/ldap_auth -Z -b "ou=group,dc=mydomain,dc=com" -D cn=admin,dc=hu -w password
auth_param basic children 10
auth_param basic credentialsttl 1 hour
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl SSL_ports port 873
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 631
acl Safe_ports port 873
acl Safe_ports port 901
acl purge method PURGE
acl CONNECT method CONNECT
no_cache deny QUERY
external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -b "ou=group,dc=mydomain,dc=com" -f (&(objectclass=posixGroup) (cn=%a) (member=%v))" -B " "cn=internet,ou=group,dc=mydomain,dc=com" -F uid="%s" -D cn=admin,dc=com -w password
acl passwd proxy_auth REQUIRED
acl passwd_group external ldap_group internet
http_access allow manager localhost
http_access allow password
http_access allow passwd_group
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
httpd_accel_single_host off
coredump_dir /var/spool/squid
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

The ldap:

         com
          |
       mydomain
       |      |
    users   groups
       |      |
    user1   internet

Mark Elsen wrote:
> On 12/5/05, CsY <csy@vipmail.hu> wrote:
>
>> Hello
>>
>> Can i help you?
>> I need to set up the LDAP group authentication; this rule is not working.
>> Any idea?
>>
>> auth_param basic program /usr/lib/squid/ldap_auth -ZZ -b "ou=peoples,dc=mydomain,dc=com" ldap
>>
>> external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -ZZ
>> -b "cn=netgroup,ou=groups,dc=mydomain,dc=com" -f
>> "(&(objectclass=posixGroup)(cn=%a)(member=%v))" -B
>> "ou=peoples,dc=mydomain,dc=com" -F uid="%s" -w pass serveraddress:serverport
>>
>> acl password proxy_auth REQUIRED
>> acl password_group external ldap_group internet
>>
>>
>> http_access allow password_group
>>
>> thanks
>>
>>
>>
>>
>
>
> - Squid version ?
> - OS/platform/version ?
>
> M.
Received on Mon Dec 05 2005 - 08:30:25 MST

This archive was generated by hypermail pre-2.1.9 : Sat Dec 31 2005 - 12:00:02 MST