I have made the changes you wrote me. I have taken squid-2.5.STABLE1 together with ldap_auth_group version 2.10. If the quotes are removed, a syntax error near unexpected token `&' is received. There is also no bug in the bug list.
Any idea? Now squid.conf looks like:

auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b ou=security,o=nextiraone,c=ch -f "(&(uid=%s)(objectClass=organizationalPerson))"
auth_param basic children 5
auth_param basic realm "Authentication for Internet Access is required! Please note that all traffic could me monitored for statistic purposes!"
auth_param basic credentialsttl 2 hours
external_acl_type ldap_group %LOGIN /usr/local/squid/libexec/squid_ldap_group -b "ou=security,o=nextiraone,c=ch" -f "(&(cn=%v)(member=uid=%d,*)(objectClass=groupOfNames))"
acl group_Internet external ldap_group Security-Group
http_access allow group_Internet
http_access deny all

With kind regards
Peter Homberger

NextiraOne Schweiz GmbH
Peter Homberger
Consultant Security / NMS
Industriestasse 30, CH-8203 Kloten
Tel: +41 1 815 32 65
Fax: +41 1 813 53 24
mailto:[EMAIL PROTECTED]
http://www.nextiraone.ch

-----Original Message-----
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: Thursday, 6 March 2003 12:33
To: Homberger Peter
Cc: '[EMAIL PROTECTED]'
Subject: Re: [squid-users] Squid_ldap_group

Thu 2003-03-06 at 11.02, Homberger Peter wrote:

> My LDAP Group:
>
> # Security-Group, security, nextiraone, ch
> dn: cn=Security-Group,ou=security,o=nextiraone,c=ch
> objectClass: groupOfNames
> objectClass: groupOfUniqueNames
> cn: Security-Group
> member: cn=FW1-Template,o=nextiraone,c=ch
> member: cn=Homberger Peter,ou=security,o=nextiraone,c=ch
> uniqueMember: uid=phom,ou=security,o=nextiraone,c=ch
>
>
> My User:
>
> # Homberger Peter, security, nextiraone, ch
> dn: cn=Homberger Peter,ou=security,o=nextiraone,c=ch
> objectClass: person
> objectClass: uidObject
> objectClass: organizationalPerson
> cn: Homberger Peter
> sn: Homberger
> uid: phom
> userPassword: **********
>
> My squid.conf
>
> auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -u
> uid -b ou=security,o=nextiraone,c=ch

This is a problem... what you want is something like this:

squid_ldap_auth -b ou=security,o=nextiraone,c=ch -f (&(uid=%s)(objectClass=organizationalPerson)) -h your.ldap.server

The -u argument is only applicable if the user login name is the last component of the user DN (cn=Homberger Peter in your case).

> external_acl_type ldap_group %LOGIN
> /usr/local/squid/libexec/squid_ldap_group -b
> "ou=security,o=nextiraone,c=ch" -f
> '(&(cn=%v)(member=uid=%d,*)(objectClass=groupOfNames))'

Looks good, but you might want to upgrade to a later version of squid_ldap_group to simplify the filter somewhat.. also you probably need to remove the quotes around the filter specification. See also the known bugs page..

Regards
Henrik

--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
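
The difference between the -u and -f modes discussed in the thread, as an added example that is not part of the original messages or of Squid's code: it builds the DN that -u uid would bind with, compares it with the real entry DN, and then locates the entry through the search filter with the login escaped per RFC 4515. The LDIF entry is copied from the quoted message; the function names are hypothetical, the matching is case-insensitive by assumption, and the filter evaluation handles an AND of equality terms, which is all this filter uses.

```python
import re

# User entry copied from the LDIF quoted in the thread (userPassword left out).
USER_LDIF = """\
dn: cn=Homberger Peter,ou=security,o=nextiraone,c=ch
objectClass: person
objectClass: uidObject
objectClass: organizationalPerson
cn: Homberger Peter
sn: Homberger
uid: phom
"""
BASE = "ou=security,o=nextiraone,c=ch"
FILTER = "(&(uid=%s)(objectClass=organizationalPerson))"

def parse_ldif(text):
    """Return (dn, {lowercased attribute: [values]}) for one LDIF entry."""
    attrs = {}
    for line in text.strip().splitlines():
        name, _, value = line.partition(": ")
        attrs.setdefault(name.lower(), []).append(value)
    return attrs.pop("dn")[0], attrs

def escape_filter_value(value):
    """RFC 4515 escaping, so a login name cannot change the filter structure."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def unescape(value):
    """Turn \\XX escapes back into characters before comparing values."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def dn_from_userattr(login, userattr="uid", base=BASE):
    """-u mode: the bind DN is assembled as <userattr>=<login>,<base>."""
    return f"{userattr}={login},{base}"

def search_dn(login, entries, template=FILTER):
    """-f mode: fill in %s, then return the DNs whose attributes match all terms."""
    flt = template.replace("%s", escape_filter_value(login))
    terms = re.findall(r"\(([^=()&]+)=([^()]*)\)", flt)
    hits = []
    for dn, attrs in entries:
        if all(unescape(val).lower() in (v.lower() for v in attrs.get(attr.lower(), []))
               for attr, val in terms):
            hits.append(dn)
    return hits

if __name__ == "__main__":
    entry = parse_ldif(USER_LDIF)
    print("-u uid builds:", dn_from_userattr("phom"))
    print("real entry DN:", entry[0])
    print("-f search finds:", search_dn("phom", [entry]))
```
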
