In ACL concepts you are doing the correct thing, but it seems the Group LDAP
auth patch does not like such usage. You are not the first reporting this.
Try contacting the author of Group LDAP Auth.
You could also make use of our external_auth patch for doing this. Known to
work fine for solving this problem but there is no helpers published yet
(http://devel.squid-cache.org/external_auth/).
Regards
Henrik Nordström
Squid Developer
On Wednesday 02 January 2002 16.56, Gregor Ibic wrote:
> I modified a LDAP authentication program to authenticate groups with MS
> Active Domain.
> It works ok with one group, but I dont know how to setup rules for two
> different groups.
>
> I want to have two groups of users, GroupA and GroupB with different
> permissions.
> Both grups are in LDAP directory.
>
> The problem is that if the user is in GroupB (and not in GroupA) the
> authentication
> program tells to squid that the users is not valid. But I want squid to
> check also the next line with GroupB
>
> my acl's:
> ***************************************
> acl ieA ldap_auth static InternetA
> acl ieB ldap_auth static InternetB
>
> http_access allow ieA
> http_access allow ieB
> http_access deny all
>
> if user is on group InternetB it is not allowed to use proxy, cause
> authentication algorithm
> never gets to that line, user is not in group InternetA so authentication
> program returns FALSE.
>
> Regards,
> Gregor
>
> Intelicom d.o.o.
> Security software company
> http://www.intelicom.si
> email: info@intelicom.si
> tel.: ++386 5 6309 158
> fax.: ++386 5 6279 355
-- MARA Systems AB, Giving you basic free Squid support Customized solutions, packaged solutions and priority support available on requestReceived on Wed Jan 02 2002 - 11:22:47 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:36 MST