On Mon, 1 Feb 2010 12:53:16 +0000, "Joseph L. Casale"
<jcasale_at_activenetwerx.com> wrote:
>>Perhapse the fact that Kerberos works with anonymous binary blobs? no
>>username in sight.
>
> You have to pardon me, I am not familiar enough with the inner workings
> of Kerberos to understand what a binary blob is wrt to Kerberos:)
>
>>Or if not that, something in the elided section "<...>".
>
> I omitted it as it worked from the cli, but possibly something in the
> syntax when used in the conf file is wrong (wrapped intentionally here)?
>
> external_acl_type ldapgroup %LOGIN /usr/lib64/squid/squid_ldap_group -R
> -b "DC=domain,DC=local" -D "CN=LDAP,CN=Users,DC=domain,DC=local"
> -w "password" -f "(&(objectclass=person)(sAMAccountName=%v)
> (memberof=cn=%a,CN=Users,DC=domain,DC=local))" -h 10.0.0.2
>
>>The bare http_access logic is fine but assumes the LDAP group helper can
>>handle what Kerberos uses for a username.
>
> Is there a way to show what the helper is doing in the log file?
http://www.squid-cache.org/Versions/v3/3.1/manuals/squid_ldap_group
Looks like the -d debug option.
Amos
Received on Tue Feb 02 2010 - 03:58:29 MST
This archive was generated by hypermail 2.2.0 : Tue Feb 02 2010 - 12:00:03 MST