to henrick and all, i'm getting the realm authentication dialog box in the browser, however, everyone is denied. when trying to authenticate with username+passwd my name isn't in the logs, when using my username only my name appears in the logs. what's the problem please?
auth_param basic program /data/test/libexec/squid_ldap_auth -b ou='Focus Group',ou='Retail Users',ou=Sales,dc=proton,o=phoenix,c=co,c=uk -f(&(uid=%s)(objectClass=organizationalPerson)) -h ldapserver external_acl_type access %LOGIN /data/test/libexec/squid_ldap_group -b ou='Focus Group',ou='Retail Users',ou=Sales,dc=proton,o=phoenix,c=co,c=uk -f (&(cn=%g)(member=%u)(objectClass=groupOfNames)) -F(&(uid=%s)(objectClass=organizationalPerson)) -h ldapserver acl Access external access Access-Test http_access allow Access http_access deny all thank you for all your help tomas -----Original Message----- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: 18 March 2003 21:43 To: Tomas Palfi Cc: Squid Mailing Group (E-mail) Subject: Re: [squid-users] ldap Tomas Palfi wrote: > ./squid_ldap_auth -u cn -b ou="Focus Group",ou="Retail > Users",ou=Sales,dc=proton,dc=phoenix,dc=co,dc=uk ldapserver > > this works fine even with the nested ou's within the parent director Good, but I must say your base DN looks a bit odd to me... > however, it doesn't check for any valid groups!! It should not. squid_ldap_auth does not care about groups. > external_acl_type access %LOGIN /data/test/libexec/squid_ldap_group -b ou='Focus > Group',ou='Retail Users',ou=Sales,dc=proton,dc=phoenix,dc=co,dc=uk -f > (&(cn=%g)(member=%u)(objectClass=groupOfNames)) -F > (&(uid=%s)(objectClass=organizationalPerson)) -h ldapserver Hmm.. this does not match your squid_ldap_auth line above. In your suqid_ldap_auth line you are using cn as login name, but here you are using uid. The two cannot ever match. Regards Henrik ________________________________________________________________________ This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________ ________________________________________________________________________ This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________
