On 24/08/2016 4:24 a.m., Diogenes S. Jesus wrote:
If you want to do things like this safely please upgrade to Squid-4
where the logformat codes are available. Those codes provide
customizable escaping and quoting styles so you can set one that
protects LDAP against these
> >> If you want to do things like this safely please upgrade to Squid-4
> >> where the logformat codes are available. Those codes provide
> >> customizable escaping and quoting styles so you can set one that
> >> protects LDAP against these attacks to be ued on the URI field value
> >> sent by
On 23/08/2016 7:56 a.m., Diogenes S. Jesus wrote:
> Hi there. First thanks for taking the time to thoroughly reply to it.
>
>>> external_acl_type ldap_HTTP %LOGIN %URI
>>> /usr/lib/squid/ext_ldap_group_acl -D "cn=admin,dc=example,dc=com" -w
>>> test -R -b "ou=authorization,dc=example,dc=com" -B
Hi there. First thanks for taking the time to thoroughly reply to it.
>> external_acl_type ldap_HTTP %LOGIN %URI
>> /usr/lib/squid/ext_ldap_group_acl -D "cn=admin,dc=example,dc=com" -w
>> test -R -b "ou=authorization,dc=example,dc=com" -B
>> "ou=people,dc=example,dc=com" -f
>>
On 22/08/2016 10:54 a.m., Diogenes S. Jesus wrote:
> Hi everyone.
>
> I've the following use case to be accomplished using ACL:
>
> - Allow any authenticated user who is member of a group named after the URI
>
> To construct this I've built the following squid.conf (snippet):
>
> -
>
Hi everyone.
I've the following use case to be accomplished using ACL:
- Allow any authenticated user who is member of a group named after the URI
To construct this I've built the following squid.conf (snippet):
-
auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth -d