Hi all,
I'm trying to working with squid into a windows 2K server, and I've users into a ldap three. My scope is to have two groups: internetOK has access to internet e internetNO hasn't.
In my squid.conf I've:
auth_param basic program /Squid/libexec/squid_ldap_auth.exe -u cn -b ou=utenti,dc=bdcnet,dc=it -D cn=superadmin,cn=users,dc=bdcnet,dc=it -w pass -d -v 3 -h 192.168.1.1:389
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
external_acl_type ldap_group %LOGIN /Squid/libexec/squid_ldap_group.exe -u CN -b "OU=utenti,DC=bdcnet,DC=it" -d -f "(&(CN=%u)(objectClass=person)((memberOf=cn=internetOKnavigare,OU=utenti,DC=bdcnet,DC=it)))" -h 192.168.1.1:389
acl internetgroup external ldap_group internetOK
acl NOinternet external ldap_group internetNO
acl autenticati proxy_auth REQUIRED
http_access deny autenticati NOinternet
http_access allow autenticati internetgroup
http_access deny all
The basic authentication work for me good, but the authorization membership doesn't work.
For the external_acl_type I try different ldap search strings, but none seems to work:
for example:
external_acl_type ldap_group squid_ldap_group.exe -u "CN" -b "OU=utenti,DC=bdcnet,DC=it" -d -D cn=superadmin,cn=users,dc=bdcnet,dc=it -w pass -f (&(cn=%u)(|(memberOf=cn=internetOK,OU=utenti,DC=bdcnet,DC=it)(memberOf=cn=internetNO,OU=utenti,DC=bdcnet,DC=it)))
-h 192.168.1.1:389 -D cn=superadmin,cn=users,dc=bdcnet,dc=it -w pass
What are right parameters for " -f" option in squid_ldap_group?
Thanks in advance, and Best Regards
Samantha & Raffaele
-------------------------------------------------------------------------
NUOVA WEBMAIL DI INTERFREE!
Da oggi Interfree offre a tutti i suoi utenti un nuovissimo servizio
di WebMail tra i pił evoluti e una qualitą professionale che si rinnova
di continuo:
- Controllo antivirus
- Filtro antispamming
- Configurazione di account esterni
- Accesso gratuito a InterDrive dove salvare e organizzare i tuoi
file da qualsiasi computer e in qualsiasi momento ...
Iscriviti gratuitamente all'indirizzo http://www.interfree.it e prova il
nuovo servizio!
Lo Staff di Interfree
-------------------------------------------------------------------------
Received on Tue Nov 02 2004 - 04:36:12 MST
This archive was generated by hypermail pre-2.1.9 : Wed Dec 01 2004 - 12:00:01 MST