Hello, sir:
 
 I tried your modules squid_ldap_auth and squid_ldap_group to
 authenticate and authorize users against Windows 2000 AD. Basically I
 think it works fine, thanks. Please check my configuration below:
 
 auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=mtuzhuhai,dc=com" -D "cn=zpc9998t,ou=it,dc=mtuzhuhai,dc=com" -w abcdefg -f "(&(userPrincipalName=%s)(objectclass=user))" -h 63.12.2.13 -p 389 -s sub -P
 
 external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -b "ou=mtugroup,dc=mtuzhuhai,dc=com" -B "dc=mtuzhuhai,dc=com" -h 63.12.2.13 -p 389 -D "cn=zpc9998t,ou=it,dc=mtuzhuhai,dc=com" -w abcdefg -f "(&(cn=%g)(member=%u))" -P -R -F "(&(userPrincipalName=%s)(objectclass=user))"
 external_acl_type ldap_group2 %LOGIN /usr/lib/squid/squid_ldap_group -b "ou=Netinstall Project,dc=mtuzhuhai,dc=com" -B "dc=mtuzhuhai,dc=com" -h 63.12.2.13 -p 389 -D "cn=zpc9998t,ou=it,dc=mtuzhuhai,dc=com" -w abcdefg -f "(&(cn=%g)(member=%u))" -P -R -F "(&(userPrincipalName=%s)(objectclass=user))"
 
 acl password proxy_auth REQUIRED
 acl acl_internet external ldap_group internetaccess        
 acl acl_internet2 external ldap_group2 EngTester
 
 # (users who belong to group internetaccess and engtester can go to the Internet)
 
 http_access allow acl_internet
 http_access allow acl_internet2
 http_access deny password
 
 Existing problems:
 1) The user has to enter username (UPN) and password
     --> I tried to use sAMAccountName instead of userPrincipalName;
 it works fine on the command line for squid_ldap_auth, but NOT when
 used in the configuration file. I don't know why!
 
 auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=mtuzhuhai,dc=com" -D "cn=zpc9998t,ou=it,dc=mtuzhuhai,dc=com" -w abcdefg -f "(&(sAMAccountName=%s)(objectclass=user))" -h 53.12.2.13 -p 389 -s sub -P
 
     --> Is it possible for the user not to need to enter the username
 and password? I mean, it takes the user name from the system (IE?) and
 passes it to squid automatically, just like Microsoft ISA? There is no
 user name and password dialog for authorized users; this dialog shows
 up only for unauthorized users.
 
 2) Users with a Chinese CN do not work.
 
     For users with a Chinese CN and displayName in the Windows 2000 AD,
 squid_ldap_auth will not work even on the command line. Is it a bug, or
 do I need more configuration?
 
 
 Hope for your response!
 
 
 Best Regards
 
 David Huang
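
An added example, not part of the original message and not code from the Squid project: a small Python check over helper lines like those above that flags a bind password passed inline with -w and LDAP traffic configured without -Z or an ldaps:// URI. The sample lines are constructed from the message's configuration, /etc/squid/ldap.secret is a placeholder path, and the option table covers only the value-taking options used here.

```python
import shlex

# Constructed sample, modeled on the helper lines in the message above.
# /etc/squid/ldap.secret is a placeholder path, not taken from the message.
SAMPLE_CONF = '''\
auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=mtuzhuhai,dc=com" -D "cn=zpc9998t,ou=it,dc=mtuzhuhai,dc=com" -w abcdefg -f "(&(sAMAccountName=%s)(objectclass=user))" -h 63.12.2.13 -p 389 -s sub -P
external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -b "ou=mtugroup,dc=mtuzhuhai,dc=com" -D "cn=zpc9998t,ou=it,dc=mtuzhuhai,dc=com" -W /etc/squid/ldap.secret -f "(&(cn=%g)(member=%u))" -Z -h 63.12.2.13
acl password proxy_auth REQUIRED
'''

HELPERS = ("squid_ldap_auth", "squid_ldap_group")
# Helper options that consume the next token (only the ones needed here).
VALUE_OPTS = {"-" + c for c in "bBfFuUsDwWHhpctav"}

def helper_options(line):
    """Return (helper_name, {option: value}) for an LDAP helper line, else None."""
    try:
        tokens = shlex.split(line, comments=True)  # honours the quoted DNs/filters
    except ValueError:                             # unbalanced quote: not parseable
        return None
    names = [t.rsplit("/", 1)[-1] for t in tokens]
    start = next((i for i, n in enumerate(names) if n in HELPERS), None)
    if start is None:
        return None
    opts, args, j = {}, tokens[start + 1:], 0
    while j < len(args):
        if args[j] in VALUE_OPTS and j + 1 < len(args):
            opts[args[j]] = args[j + 1]
            j += 2
        else:
            opts[args[j]] = True
            j += 1
    return names[start], opts

def audit(conf_text):
    """Return (line_number, helper, issue) tuples; option values are never echoed."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        parsed = helper_options(line)
        if parsed is None:
            continue
        name, opts = parsed
        if "-w" in opts:  # password sits in squid.conf and in the helper's argv
            findings.append((lineno, name, "inline-bind-password"))
        if "-Z" not in opts and not str(opts.get("-H", "")).startswith("ldaps://"):
            findings.append((lineno, name, "cleartext-ldap"))  # simple binds unencrypted
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

A file given to -W should be readable only by the account the Squid helpers run as.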
