> I am still having trouble getting squid to authenticate based on ldap group
> membership and user password. Here is what I have:
> [...]

Looks okay. Can you do the external_acl_type call manually and enter
"username group<enter>" and get an "OK" when you expect it?

> acl localusers proxy_auth REQUIRED
> acl proxy_users external ldap_group proxygrp
> http_access deny !proxy_users
> http_access allow localusers
>
> In this configuration entering a username which is in the proxygrp in LDAP
> gets access even if the password is wrong, if I swap the http_access rules
> around then a username given with the right password will get access even
> if they are not a member of the proxygrp, removing the deny ! proxy_users
> line also results in the proxygrp not being checked.
>
> How do I get the equivalent of "http_access allow if localusers *and*
> proxy_users"?

We just had this question on another thread. If you want to 'and' two ACLs
you write them in one line like in "http_access allow localusers proxy_users".

Christoph

-- 
~
~
".signature" [Modified] 3 lines --100%--                3,41         All
