To all,

I followed Henrick's replies to Mr Peter Homberger at Nextiraone from 7 March 2003,
which helped me a lot, but I still have some unresolved issues!

I've got squid_ldap_auth working with these arguments (that's from a command line):

./squid_ldap_auth -u cn -b ou="Focus Group",ou="Retail Users",ou=Sales,dc=proton,dc=phoenix,dc=co,dc=uk ldapserver

This works fine even with the nested OUs within the parent directory; however, it
doesn't check for any valid groups!!
When trying to implement a similar scenario as in Peter's mail, I cannot authenticate
anyone at all (note: quotes used for command line tests only):

./squid_ldap_auth -b ou="Focus Group",ou="Retail Users",ou=Sales,dc=proton,dc=phoenix,dc=co,dc=uk -f "(&(uid=%s)(objectClass=organizationalPerson))" -h ldapserver

The external helper is as follows:

The group which all Internet users are members of is "Access". At what point do I
enter the group into this command line option to test it??

external_acl_type access %LOGIN /data/test/libexec/squid_ldap_group -b ou='Focus Group',ou='Retail Users',ou=Sales,dc=proton,dc=phoenix,dc=co,dc=uk -f (&(cn=%g)(member=%u)(objectClass=groupOfNames)) -F (&(uid=%s)(objectClass=organizationalPerson)) -h ldapserver

ACL lines are fine!

An example object I am trying to authenticate from the Active Directory is a simple user
set as "test" with the group Access. There are no policies implemented on this object,
and the fully qualified name of the object as taken from Active Directory is:

proton.phoenix.co.uk/Sales/Retail Users/Focus Group/test
        
What I would like to achieve is that individual users in the Active Directory would
be members of a group that would give them full access to the Internet, otherwise deny
all the rest of the users. Is there something that I am completely missing from the
configuration!! When contacting the external LDAP server, do I need to configure any
other files on the Squid installation?
----------------------------
using squid-2.5STABLE1 
all compiled on Solaris 5.7

--
tp

