Hi,

I'm trying to restrict access to my squid cache to users of a special group "ProxyUsers" in Active Directory. I have Debian Testing (Sarge) with squid-2.5Stable4 installed.

First I tried with the ldap_auth command:

/usr/lib/squid/ldap_auth -b dc=dhc-gmbh,dc=com -R -D [EMAIL PROTECTED] -w SeCrEt -f sAMAccountName=%s myW2KServer

In this way, when I enter "username password" lines, I get OK or ERR, and everything is fine. The problem: every valid user with a valid password has access to the cache.

I read many mailings on this list (and some others too), but I didn't find a good hint. I know so far that squid_ldap_group is the right program, but how do I use it? In a mail from Henrik Nordstrom, there was this description:

> 0. Optionally bind (login) as a dummy user (by DN) if anonymous
>    searches are disallowed in the directory (-D+-W arguments)
> 1. Search for the user in the directory (-F argument with the same data
>    as -f to squid_ldap_auth)
> 2. Search for the group in the directory and verify that the user is
>    member of the group (-f argument).

How must the -f argument look?!? In some mails, people talk about some examples that are shipped with squid and work fine with Active Directory, but I can't find them. I'm not very familiar with LDAP search strings, so can somebody give me a hint how the FULL command looks?

Greetings
Christoph
