In message <[EMAIL PROTECTED]> you wrote:

> .. you seem to forget one step. Please check your config with the following
> instructions:
>
> 1) pure authentication:
> define first::
> auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b ou=sample,o=org -f cn=%s -h 192.168.1.1
> auth_param basic children 10
> auth_param basic realm mein super squid proxy
> auth_param basic credentialsttl 2 hours
> then define ACL :
> #
> # ACL for LDAP password check
> #
> acl password proxy_auth REQUIRED
>
> 2) map users to groups:
> define acl type first:
> external_acl_type ldap_group ttl=30 concurrency=10 %LOGIN /usr/local/squid/libexec/squid_ldap_group -f "(&(cn=%v)(groupmembership=%a))" -b ou=sample,o=org -h 192.168.1.1
> then define ACLs :
> acl movies external ldap_group cn=movies_group,ou=sample,o=org
> acl sounds external ldap_group cn=sounds_group,ou=sample,o=org
> .. hope this gets you running...

Hi, thanks for the reply! Yes, I've got authentication working now but not groups. I wonder if you mind helping further please? :)

Here are my settings to get auth to work:

auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b "cn=Users,dc=jadeb,dc=com" -u cn -h 192.168.254.23
acl dozeusers proxy_auth REQUIRED

This works with the user 'daniel' that I added to the main Users group.

From an export ldif file the group and user are:

dn: CN=daniel,CN=Users,DC=jadeb,DC=com
changetype: add
memberOf: CN=WebAccess,CN=Users,DC=jadeb,DC=com
accountExpires: 9223372036854775807
badPasswordTime: 126883606504573568
badPwdCount: 0
codePage: 0
cn: daniel
countryCode: 0
displayName: daniel
givenName: daniel
instanceType: 4
lastLogoff: 0
lastLogon: 126883606559552624
logonCount: 0
distinguishedName: CN=daniel,CN=Users,DC=jadeb,DC=com
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=jadeb,DC=com
objectClass: user
objectGUID:: 6uPoOsJwRUGJH+TBDQf6Cw==
objectSid:: AQUAAAAAAAUVAAAAkuA8dyPz9mOKpzI/WwQAAA==
primaryGroupID: 513
pwdLastSet: 126883606012065376
name: daniel
sAMAccountName: daniel
sAMAccountType: 805306368
userAccountControl: 512
userPrincipalName: [EMAIL PROTECTED]
uSNChanged: 5057
uSNCreated: 5048
whenChanged: 20030130003641.0Z
whenCreated: 20030129232101.0Z

dn: CN=WebAccess,CN=Users,DC=jadeb,DC=com
changetype: add
member: CN=daniel,CN=Users,DC=jadeb,DC=com
cn: WebAccess
groupType: -2147483646
instanceType: 4
distinguishedName: CN=WebAccess,CN=Users,DC=jadeb,DC=com
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=jadeb,DC=com
objectClass: group
objectGUID:: wAP1kGfxBUq5wtjtqutb5w==
objectSid:: AQUAAAAAAAUVAAAAkuA8dyPz9mOKpzI/WgQAAA==
name: WebAccess
sAMAccountName: WebAccess
sAMAccountType: 268435456
uSNChanged: 5126
uSNCreated: 5034
whenChanged: 20030130113942.0Z
whenCreated: 20030129170330.0Z

So you can see why I needed -b "cn=Users,dc=jadeb,dc=com" in that auth.
Now I am trying to test the group ldap by hand first as it's much quicker than lots of squid restarts. This is what I am using:

./libexec/squid_ldap_group -b cn=Users,dc=jadeb,dc=com -f "(&(cn=%v)(groupmembership=%a))" -h 192.168.254.23
daniel cn=WebAccess,cn=Users,dc=jadeb,dc=com
ERR
daniel WebAccess
ERR

./libexec/squid_ldap_group -b cn=Users,dc=jadeb,dc=com -f "(&(dn=%v)(memberOf=%a))" -h 192.168.254.23
daniel cn=WebAccess,cn=Users,dc=jadeb,dc=com
ERR
daniel WebAccess
ERR

./libexec/squid_ldap_group -b cn=Users,dc=jadeb,dc=com -f "(&(dn=%v)(groupmembership=%a))" -h 192.168.254.23
daniel cn=WebAccess,cn=Users,dc=jadeb,dc=com
ERR
daniel WebAccess
ERR

./libexec/squid_ldap_group -b cn=Users,dc=jadeb,dc=com -f "(&(dn=%v)(memberOf=%a))" -h 192.168.254.23
daniel cn=WebAccess,cn=Users,dc=jadeb,dc=com
ERR
daniel WebAccess
ERR

I am sure it's just a matter of working out the right filter and possibly the base name, but I don't know what else to try. Perhaps you understand ldap better and can point me in the right direction?

Thanks.

-- 
Daniel Barron
(Visit http://dansguardian.org/ - True web content filtering for all)
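
The filter attempts above can be checked offline against the two exported entries. The following is an added example, not part of the original message and not Squid's own code: it expands %v and %a into each filter and evaluates the result against the LDIF attributes. Assumptions: only `(&(a=b)(c=d))` filters are modelled, matching is case-insensitive, `dn` is treated as the entry name rather than a searchable attribute, and bind permissions and search base are ignored.

```python
import re

# Constructed from the LDIF export in the message; only the relevant attributes.
ENTRIES = [
    {"cn": ["daniel"], "objectClass": ["user"],
     "distinguishedName": ["CN=daniel,CN=Users,DC=jadeb,DC=com"],
     "memberOf": ["CN=WebAccess,CN=Users,DC=jadeb,DC=com"]},
    {"cn": ["WebAccess"], "objectClass": ["group"],
     "distinguishedName": ["CN=WebAccess,CN=Users,DC=jadeb,DC=com"],
     "member": ["CN=daniel,CN=Users,DC=jadeb,DC=com"]},
]

def expand(template, user, group):
    """Substitute %v (user) and %a (group) into the -f filter template."""
    return template.replace("%v", user).replace("%a", group)

def parse_and(filter_text):
    """Parse '(&(attr=value)(attr=value)...)' into (attr, value) pairs."""
    m = re.fullmatch(r"\(&((?:\([^()=]+=[^()]*\))+)\)", filter_text)
    if not m:
        raise ValueError("only (&(a=b)(c=d)) filters are modelled: " + filter_text)
    return re.findall(r"\(([^()=]+)=([^()]*)\)", m.group(1))

def entry_matches(entry, terms):
    """True if every term equals one value of that attribute (case-insensitive)."""
    attrs = {k.lower(): [v.lower() for v in vals] for k, vals in entry.items()}
    return all(v.lower() in attrs.get(a.lower(), []) for a, v in terms)

def check(template, user, group):
    """Return 'OK' if any entry matches the expanded filter, else 'ERR'."""
    terms = parse_and(expand(template, user, group))
    return "OK" if any(entry_matches(e, terms) for e in ENTRIES) else "ERR"

if __name__ == "__main__":
    group_dn = "cn=WebAccess,cn=Users,dc=jadeb,dc=com"
    for tmpl in ["(&(cn=%v)(groupmembership=%a))",  # attribute absent from the export
                 "(&(dn=%v)(memberOf=%a))",         # dn is not an attribute here
                 "(&(cn=%v)(memberOf=%a))"]:        # attributes present in the export
        for group in (group_dn, "WebAccess"):
            print(tmpl, "| daniel", group, "->", check(tmpl, "daniel", group))
```

In this model only `(&(cn=%v)(memberOf=%a))` with the full group DN matches, because the export carries group membership in `memberOf` as a full DN and has no `groupmembership` attribute.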
