Re: [squid-users] squid_ldap_group (Group into Group)

From: Rickifer Barros <>
Date: Fri, 10 Aug 2012 08:55:45 -0300

Hi Eugene,

yes, that's true, but this only works together the program
squid_kerb_auth. So this require my computer inside a domain. I need
that it works with a popup to type username and password.

I tried:
- to use squid_kerb_auth with the parameter "auth_param basic program"
- to use squid_ldap_auth to autenticate and squid_kerb_ldap to search.
It authenticates but doesn't search. (DOESN'T WORK)
- to use "auth_param negotiate program squid_kerb_auth" with
"squid_kerb_ldap" to search, with my computer inside a domain. (IT
WORKS!) But without username/password popup.

Is there some way to join "Authentication via Popup" + "Recursive Query"?

Thanks Guys.

On Fri, Aug 10, 2012 at 12:57 AM, Eugene M. Zheganin <> wrote:
> Hi.
> On 10.08.2012 01:10, Rickifer Barros wrote:
>> Hi squid users,
>> I have a question about the helper squid_ldap_group whose don't find
>> in the internet. I'm testing it and I noticed that it don't recognize
>> groups inside group, but only read users inside group.
>> The command I'm using is like this: external_acl_type AD_GROUP %LOGIN
>> /usr/lib/squid3/squid_ldap_group -R -P -b "dc=domain,dc=yyy" -D
>> "cn=user,dc=domain,dc=yyy" -w "password" -f
>> "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn="%a",ou="example",dc=domain,dc=yyy))"
>> -h yyy.yyy.yyy.yyy
>> Is there a way to squid_ldap_group to read the groups into the other
>> group?
> Afaik, the only way to let the squid know about nested groups is to use a
> squid_kerb_ldap instead of the squid_ldap_group.
> Eugene.
Received on Fri Aug 10 2012 - 11:55:52 MDT

This archive was generated by hypermail 2.2.0 : Fri Aug 10 2012 - 12:00:02 MDT