Hi Jack For group ldap
1) Find the ldapsearch command to give a "true" condition for your AD groups i.e. the -f condition for squid_ldap_group For AD most probably "(&(cn=%a)(member=uid=%v,*)(objectclass=group))" 2)create acls criteria for each group acl group1 external ldapou group_in_ad_1 acl group2 external ldapou group_in_ad_2 3) use them in http_access http_access allow group1 http_access allow group2 Reg. Prasanta -----Original Message----- From: Jack [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 06, 2003 3:25 PM To: Henrik Nordstrom Cc: Squid Users Subject: Re: [squid-users] squid proxy for W2K active directoty users Hello Henrik, Thanks, Its working fine now. Can i use squid_ldap_group for group authentication. I set filter as cn=%a but i am not sure that my configuration is correct. My squid.conf related to authentication auth_param basic program /usr/local/squid25S1/libexec/squid_ldap_auth -u cn -b cn=Users,dc=test,dc=local -h 172.16.1.251 auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours external_acl_type ldapou %LOGIN /usr/local/squid25S1/libexec/squid_ldap_group -b "cn=Users,dc=test,dc=local" -f "(cn=%a)" -h 172.16.1.251 acl ou_testing external ldapou sqldap acl url1 dstdomain .yahoo.com http_access allow ou_testing url1 http_access deny all when i browse www.yahoo.com i am getting access denied page. Thanks and Regards, Jack > In the documentation to the LDAP helpers, shipped with Squid.. > > Regards > Henrik > > > ons 2003-02-05 klockan 10.46 skrev Jack: > > Hello Henrik, > > > > Thanks, I like to use LDAP but i did not get the schema to support > > it. > > > > Can you suggest a link where i can find more information on LDAP-W2K active > > directory > > > > Regards, > > Jack > > > > > Jack wrote: > > > > > > > Is it possible to use W2K native mode active directory for > > authenticating > > > > proxy users. > > > > > > Yes. > > > > > > You can use either LDAP (always works) or winbind (requires that support > > > for NTLM is enabled in your AD, is by default) > > > > > > Regards > > > Henrik > > > > __________________________________________________ > > Do You Yahoo!? > > Everything you'll ever need on one web page > > from News and Sport to Email and Music Charts http://uk.my.yahoo.com > -- > Henrik Nordstrom <[EMAIL PROTECTED]> > MARA Systems AB, Sweden __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com **************************Disclaimer************************************ Information contained in this E-MAIL being proprietary to Wipro Limited is 'privileged' and 'confidential' and intended for use only by the individual or entity to which it is addressed. You are notified that any use, copying or dissemination of the information contained in the E-MAIL in any manner whatsoever is strictly prohibited. ***************************************************************************
BEGIN:VCARD VERSION:2.1 N:Panda;Prasanta;Kumar FN:Prasanta ([EMAIL PROTECTED]) (prasanta) ORG:Wipro Technologies;IMG-HDC TITLE:Sr. Network Analyst TEL;WORK;VOICE:+91 40-6565148 TEL;WORK;VOICE:+91 40-6565000 ADR;WORK;ENCODING=QUOTED-PRINTABLE:;;Wipro Technologies=0D=0ASurvey # 64=0D=0AMadhapur;Hyderabad;Andhra Pradesh= ;500033;India LABEL;WORK;ENCODING=QUOTED-PRINTABLE:Wipro Technologies=0D=0ASurvey # 64=0D=0AMadhapur=0D=0AHyderabad, Andhra Pra= desh 500033=0D=0AIndia URL;WORK:http://www.wipro.com EMAIL;PREF;EX:/o=Wipro/ou=First Administrative Group/cn=Recipients/cn=prasanta REV:20020725T070827Z END:VCARD
