Which Squid version are you using? (2.5.STABLE2 required) What is the exact contents of your LDAP group again? (my memory is short..)
Does the -f filter specification to squid_ldap_group work when you use ldapsearch manually? Try changing the -F argument to exacly the same as used for -f in squid_ldap_auth. CAS_NU_Internetuser in your -f argument should be %g for the group name, but this is another issue not related to your problems.. Regards Henrik tor 2003-04-03 klockan 15.29 skrev [EMAIL PROTECTED]: > Hello again, > > I have now set up my squid.conf like this > > =====================================START > ..... > external_acl_type inetusers %LOGIN > /usr/local/squid/libexec/squid_ldap_group -b "o=cag" -f " > (&(cn=CAS_NU_Internetuser)(objectClass=groupOfNames)(member=%u))" -F " > (&(uid=%s)(objectClass=Person))" 172.25.0.19 > ... > acl ldap_password proxy_auth required > acl inet_users external inetusers CAS_NU_Internetuser > ... > auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b > "o=cag" -f uid=%s 172.25.0.19 > ... > http_access allow inet_users > http_access deny all > ... > =====================================END > > but it does not work. (noone can access, not users in the group, and not > users that are not in the group) > When changing the last line to ALLOW ALL, everyone can access, even if not > in the group. > > > Without group-checking it worked fine with this > =====================================START > ..... > acl ldap_password proxy_auth required > ... > auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b > "o=cag" -f uid=%s 172.25.0.19 > ... > http_access allow ldap_password > http_access allow all > ... > =====================================END > (what I don't understand is, that I have to put the last ALLOW ALL, to make > it work. With this only authenticated users can access, others don't. With > DENY ALL noone can access.) > > > Any suggestions, what is my fault? > > Regards > Stefan -- Free Squid-users support provided by Henrik Nordstr�m <[EMAIL PROTECTED]> PayPal donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org&cn=Comment If you need commercial Squid support or cost effective Squid and firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
