[squid-users] RE: User with Chinese LDAP CN does not work

From: Huang, David <David.Huang@dont-contact.us>
Date: Mon, 26 Jul 2004 11:43:07 +0800

 Hello, sir:
 
 I tried your modules squid_ldap_auth and squid_ldap_group to
 authenticate and authorize users against Windows 2000 AD. Basically I
 think it works fine, thanks. Please check my configuration below:
 
 auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=mtuzhuhai,dc=com" -D "cn=zpc9998t,ou=it,dc=mtuzhuhai,dc=com" -w abcdefg -f "(&(userPrincipalName=%s)(objectclass=user))" -h 63.12.2.13 -p 389 -s sub -P
 
 external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -b "ou=mtugroup,dc=mtuzhuhai,dc=com" -B "dc=mtuzhuhai,dc=com" -h 63.12.2.13 -p 389 -D "cn=zpc9998t,ou=it,dc=mtuzhuhai,dc=com" -w abcdefg -f "(&(cn=%g)(member=%u))" -P -R -F "(&(userPrincipalName=%s)(objectclass=user))"

 external_acl_type ldap_group2 %LOGIN /usr/lib/squid/squid_ldap_group -b "ou=Netinstall Project,dc=mtuzhuhai,dc=com" -B "dc=mtuzhuhai,dc=com" -h 63.12.2.13 -p 389 -D "cn=zpc9998t,ou=it,dc=mtuzhuhai,dc=com" -w abcdefg -f "(&(cn=%g)(member=%u))" -P -R -F "(&(userPrincipalName=%s)(objectclass=user))"
 
 acl password proxy_auth REQUIRED
 acl acl_internet external ldap_group internetaccess
 acl acl_internet2 external ldap_group2 EngTester
 
 # (users belonging to groups internetaccess and EngTester can go to the Internet)
 
 http_access allow acl_internet
 http_access allow acl_internet2
 http_access deny password
 
 Existing problems:
 1) The user has to enter a username (UPN) and password.
     --> I tried to use sAMAccountName instead of userPrincipalName.
 It works fine on the command line for squid_ldap_auth, but NOT when
 using it in the configuration file. I don't know why!
 
 auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=mtuzhuhai,dc=com" -D "cn=zpc9998t,ou=it,dc=mtuzhuhai,dc=com" -w abcdefg -f "(&(sAMAccountName=%s)(objectclass=user))" -h 53.12.2.13 -p 389 -s sub -P
 
     --> Is it possible for the user not to need to enter the username
 and password? I mean, can it take the user name from the system (IE?)
 and pass it to squid automatically, just like Microsoft ISA? There is
 no user name and password dialog for authorized users; this dialog
 shows up only for unauthorized users.
 
 2) Users with a Chinese CN do not work.
 
     For users with a Chinese CN and displayName in the Windows 2000 AD,
 squid_ldap_auth will not work even on the command line. Is it a bug, or
 do I need more configuration?
 
 
 Hope for your response!
 
 
 Best Regards
 
 David Huang
Received on Sun Jul 25 2004 - 21:48:33 MDT
