[squid-users] Re: squid_ldap_group (Group into Group) from Markus Moeller on 2012-08-10 (squid-users)

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Fri, 10 Aug 2012 13:06:40 +0100

Hi Rickifer,

squid_kerb_ldap does not require squid_kerb_auth. You can use command line
options for ldap and a default realm.

ext_kerberos_ldap_group_acl [-h] [-d] [-i] [-s] [-a] [-D Realm ] [-N
Netbios-Realm-List] [-m Max-Depth] [-u Ldap-User] [-p Ldap-Password] [-b
Ldap-Bind-Path] [-l Ldap-URL] [-S ldap server list] -g Group-Realm-List -t
Hex-Group-Realm-List -T Hex-Group-Hex-Realm-List

Markus

"Rickifer Barros" <rickiferbarros_at_gmail.com> wrote in message
news:CAD1agDxyKH0acW1u84ysDVVGQnf2vUajR4xhnOH=d=M4fXjEPg_at_mail.gmail.com...
> Hi Eugene,
>
> yes, that's true, but this only works together the program
> squid_kerb_auth. So this require my computer inside a domain. I need
> that it works with a popup to type username and password.
>
> I tried:
> - to use squid_kerb_auth with the parameter "auth_param basic program"
> (DOESN'T WORK)
> - to use squid_ldap_auth to autenticate and squid_kerb_ldap to search.
> It authenticates but doesn't search. (DOESN'T WORK)
> - to use "auth_param negotiate program squid_kerb_auth" with
> "squid_kerb_ldap" to search, with my computer inside a domain. (IT
> WORKS!) But without username/password popup.
>
> Is there some way to join "Authentication via Popup" + "Recursive Query"?
>
> Thanks Guys.
>
> On Fri, Aug 10, 2012 at 12:57 AM, Eugene M. Zheganin <eugene_at_zhegan.in>
> wrote:
>> Hi.
>>
>>
>> On 10.08.2012 01:10, Rickifer Barros wrote:
>>>
>>> Hi squid users,
>>>
>>> I have a question about the helper squid_ldap_group whose don't find
>>> in the internet. I'm testing it and I noticed that it don't recognize
>>> groups inside group, but only read users inside group.
>>>
>>> The command I'm using is like this: external_acl_type AD_GROUP %LOGIN
>>> /usr/lib/squid3/squid_ldap_group -R -P -b "dc=domain,dc=yyy" -D
>>> "cn=user,dc=domain,dc=yyy" -w "password" -f
>>>
>>> "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn="%a",ou="example",dc=domain,dc=yyy))"
>>> -h yyy.yyy.yyy.yyy
>>>
>>> Is there a way to squid_ldap_group to read the groups into the other
>>> group?
>>>
>>>
>> Afaik, the only way to let the squid know about nested groups is to use a
>> squid_kerb_ldap instead of the squid_ldap_group.
>>
>> Eugene.
>
Received on Fri Aug 10 2012 - 12:07:01 MDT

This archive was generated by hypermail 2.2.0 : Fri Aug 10 2012 - 12:00:02 MDT