On Wed, 10 Dec 2003, Geir Fossum wrote: > I want to authenticate users in a group (MS AD) for internet access. > > Must i have the squid_ldap_auth _and_ squid_ldap_group configured in > squid.conf to accomplish my goal ?
Yes. The first authenticates the user by verifying his password. The second authorizes the user by verifying that he belongs to the required groups. But if it only is a single accesse level you want to provide then it MAY be possible to get by with only using the squid_ldap_auth helper and constructing a search filter matching only users who have attributes indicating they are members of the required group. But I would recommend using both helpers. > I thought i could test the squid_ldap_group helper to get the parameters > correct before i configure the squid.conf. You can. The squid_ldap_group helper simply expects username groupname as input and will return OK if everything is correct. Note: if either contains spaces then you need to use quotes "username" "groupname" similarily the squid_ldap_auth helper simply expects username password as input and will also return OK if the login is correct. But here you need to URL encode the data if there is spaces or % characters in the login or password. Regards Henrik
