Hi,
I am still having trouble getting Squid to authenticate based on LDAP group
membership and user password.  Here is what I have:

auth_param basic program /usr/local/squid/libexec/squid_ldap_auth \
    -h ldap://ldap.some.org.au \
    -b "ou=people,dc=some,dc=org,dc=au,o=Internet" \
    -D "cn=admin,o=Internet" \
    -w "password" \
    -u cn
external_acl_type ldap_group %LOGIN /usr/local/squid/libexec/squid_ldap_group \
    -h ldap://ldap.some.org.au \
    -D "cn=admin,o=Internet" \
    -w "password" \
    -b "ou=groups,dc=some,dc=org,dc=au,o=Internet" \
    -f "member=cn=%v,ou=people,dc=some,dc=org,dc=au,o=Internet"

acl localusers proxy_auth REQUIRED
acl proxy_users external ldap_group proxygrp

http_access deny !proxy_users
http_access allow localusers


In this configuration, entering a username which is in the proxygrp in LDAP
gets access even if the password is wrong. If I swap the http_access rules
around, then a username given with the right password will get access even
if they are not a member of the proxygrp. Removing the deny !proxy_users
line also results in the proxygrp not being checked.

How do I get the equivalent of "http_access allow if localusers *and*
proxy_users"?

Thanks for your patience and your help!

regards
Murray



__________________________________________________
Unix System Administrator, CSC
Ph: 08-9429-6780    Email: [EMAIL PROTECTED]
