Sorry about the delayed response, we had a server go down and I had to drop this for a few days...
> > -b on squid_ldap_group does not seem to have an "%" substitution to
> > add the group name and including a filter for group and the filter
> > doesn't work any of the ways I have tried it-
> > /usr/local/squid/libexec/squid_ldap_group -h
> > ldap://ldap.some.org.au -D "cn=admin,o=Internet" -w "password" -b
> > "ou=groups,dc=some,dc=org,dc=au,o=Internet" -f
> > "(&(cn=%g)("member=cn=%u,ou=people,dc=some,dc=org,dc=au,o=Internet"
> >))"
>
> Hmm.. not sure -h accepts ldap URIs, but it most likely does not.. try
> using just the hostname.

That was the problem! Below is what I ended up with and it works perfectly!

Thanks very much for your help.

regards,
Murray

# squid.conf
auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -h ldap://ldap.some.org.au -b "ou=people,dc=some,dc=org,dc=au,o=Internet" -D "cn=admin, o=Internet" -w "password" -u cn
external_acl_type ldap_group %LOGIN /usr/local/squid/libexec/squid_ldap_group -h ldap.some.org.au -D "cn=admin,o=Internet" -w "password" -b "ou=groups,dc=some,dc=org,dc=au,o=Internet" -f "(&(cn=%g)("member=cn=%u,ou=people,dc=some,dc=org,dc=au,o=Internet"))"
acl localusers proxy_auth REQUIRED
acl proxy_users external ldap_group proxygrp
http_access deny !proxy_users
http_access allow localusers
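
How a group filter template like the one passed with -f above expands once %u and %g are substituted, with a sanity check for hand-edited templates. This is an added example, not part of the original post and not Squid's helper code. Assumptions: the template is the post's filter with the inner double quotes dropped, and the function names and the user name `jdoe` are made up for illustration.

```python
import re

# RFC 4515: these characters must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Assumed effective template: the filter from the post without the inner quotes.
TEMPLATE = "(&(cn=%g)(member=cn=%u,ou=people,dc=some,dc=org,dc=au,o=Internet))"


def escape_filter_value(value: str) -> str:
    """Escape a login or group name so it stays data inside the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template: str, user: str, group: str) -> str:
    """Substitute %u and %g in a single pass so inserted text is never re-scanned."""
    values = {"%u": escape_filter_value(user), "%g": escape_filter_value(group)}
    # A function replacement is inserted literally, so the \XX escapes survive.
    return re.sub(r"%[ug]", lambda m: values[m.group(0)], template)


def is_balanced(ldap_filter: str) -> bool:
    """True if the filter is exactly one correctly nested parenthesised item."""
    depth = 0
    for i, ch in enumerate(ldap_filter):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0 or (depth == 0 and i != len(ldap_filter) - 1):
                return False
        elif depth == 0:
            return False  # text outside the outermost parentheses
    return depth == 0 and bool(ldap_filter)


if __name__ == "__main__":
    # Constructed inputs: "jdoe" is a sample login, "proxygrp" is the group from the post.
    print(is_balanced(TEMPLATE))
    print(expand_filter(TEMPLATE, "jdoe", "proxygrp"))
    print(expand_filter(TEMPLATE, "smith (temp)*", "proxygrp"))
```

This covers filter-level escaping only; because %u sits inside a DN here, names containing DN-special characters such as commas would also need RFC 4514 escaping.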
