Re: [squid-users] Squid_ldap_group

From: Henrik Nordström <hno@dont-contact.us>
Date: Fri, 25 Oct 2002 09:15:40 +0200 (CEST)

Yes.

The squid_ldap_group only performs group membership lookups and need a
authentication method defined to allow the user to log in. To use LDAP
authentication you will also need to configure Squid to use
squid_ldap_auth for authentication, and squid_ldap_group for group
membership verifications.

See the auth_param directive and the squid_ldap_auth basic authentication
helper.

Regards
Henrik

On Fri, 25 Oct 2002, Jack wrote:

> Hello Henrik,
>
> Thanks,
> When i configured proxy in browser and try to browse i did not get
> authentication window.
>
> Do i need to configure LDAP authentication program?
>
> Regards
> Jack
>
> > Sorry, the acl line should obviously read
> >
> > acl ou_testing external ldapou Testing
> >
> > Regards
> > Henrik
> >
> >
> > Jack wrote:
> > > Hello Henrik,
> > >
> > > While i run squid after changing squid configuration according to your
> > > guide i got following error:
> > >
> > > 2002/10/24 19:08:41| squid.conf line 1287: acl ou_testing ldapou Testing
> > > 2002/10/24 19:08:41| aclParseAclLine: Invalid ACL type 'ldapou'
> > > 2002/10/24 19:08:41| squid.conf line 1766: http_access allow ldapou
> > > 2002/10/24 19:08:41| aclParseAccessLine: ACL name 'ldapou' not found.
> > > 2002/10/24 19:08:41| squid.conf line 1766: http_access allow ldapou
> > > 2002/10/24 19:08:41| aclParseAccessLine: Access line contains no ACL's,
> > > skipping
> > >
> > > I Compiled squid with following configuration option:
> > > ./configure --prefix=/usr/local/squid25S1 --enable-snmp --enable-ssl
> > > --enab le-external-acl-helpers="ldap_group"
> > >
> > > How to set acl for ldap_group
> > >
> > > Thanks,
> > > Jack
> > >
> > > > The -f argument to suqid_ldap_group needs to contain special codes
> > > > referring to the login or group names. The correct external_acl_type
> > > > line reads:
> > > >
> > > > external_acl_type ldapou %LOGIN
> > > > /usr/local/squid/libexec/squid_ldap_group -b "dc=xxx,dc=com" -f
> > > > "(&(uid=%v)(ou=%a))" -h localhost
> > > >
> > > > acl ou_testing ldapou Testing
> > > >
> > > > These magic codes is documented in the squid_ldap_group documentation
> > > > shipped with Squid.
> > > >
> > > > Regards
> > > > Henrik Nordström
> > >
> > > __________________________________________________
> > > Do You Yahoo!?
> > > Everything you'll ever need on one web page
> > > from News and Sport to Email and Music Charts
> > > http://uk.my.yahoo.com
>
> __________________________________________________
> Do You Yahoo!?
> Everything you'll ever need on one web page
> from News and Sport to Email and Music Charts
> http://uk.my.yahoo.com
>
Received on Fri Oct 25 2002 - 01:15:44 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:54 MST