Hello again, I have now set up my squid.conf like this
=====================================START ..... external_acl_type inetusers %LOGIN /usr/local/squid/libexec/squid_ldap_group -b "o=cag" -f " (&(cn=CAS_NU_Internetuser)(objectClass=groupOfNames)(member=%u))" -F " (&(uid=%s)(objectClass=Person))" 172.25.0.19 ... acl ldap_password proxy_auth required acl inet_users external inetusers CAS_NU_Internetuser ... auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b "o=cag" -f uid=%s 172.25.0.19 ... http_access allow inet_users http_access deny all ... =====================================END but it does not work. (noone can access, not users in the group, and not users that are not in the group) When changing the last line to ALLOW ALL, everyone can access, even if not in the group. Without group-checking it worked fine with this =====================================START ..... acl ldap_password proxy_auth required ... auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b "o=cag" -f uid=%s 172.25.0.19 ... http_access allow ldap_password http_access allow all ... =====================================END (what I don't understand is, that I have to put the last ALLOW ALL, to make it work. With this only authenticated users can access, others don't. With DENY ALL noone can access.) Any suggestions, what is my fault? Regards Stefan
