[squid-users] Squid_Ldap_Group

From: Jeroen Ruijter <jeroen.ruijter_at_borsboomhamm.nl>
Date: Thu, 3 Dec 2009 16:46:57 +0100

Dear Sir/Madam,

I've tried to activate LDAP authentication for Squid.
Users have to authenticate, but it doesn't matter if they are in one of
the two groups you have to be a member of.

Then when a user with restrictions opens a link like schoolbank.nl for
instance they get a login screen that doesn't disappear anymore.
A user without restrictions can open the link without any problem.

Can you give me a clue?

Regards Jeroen Ruijter

Active Directory Windows 2003

Domain.local
  - Proxy
    - InternetAccessGroup
    - InternetAccessGroupRestricted

----------------------------------------------------------------

Squid.conf (version 3.0 installed on SuSE 11.2)
auth_param basic program /usr/sbin/squid_ldap_auth -v 3 -R -b
"dc=domain,dc=local" -D "cn=ldapuser,cn=users,dc=domain,dc=local" -w
"xxxxx" -f sAMAccountName=%s -h x.x.x.x
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hour

external_acl_type InetGroup %LOGIN /usr/sbin/squid_ldap_group -v 3 -R -b
"dc=domain,dc=local" -D "cn=ldapuser,cn=users,dc=domain,dc=local" -w
"xxxxx" -f "(&(objectclass=person) (sAMAccountName=%v)
(memberof=cn=%a,ou=proxy,dc=domain,dc=local))" -h x.x.x.x

acl users proxy_auth REQUIRED
acl InetAccess external InetGroup InternetAccessGroup
acl InetAccessRestricted external InetGroup
InternetAccessGroupRestricted
acl schoolbank.nl url_regex schoolbank.nl
acl users proxy_auth REQUIRED

http_access deny schoolbank.nl !InetAccess
http_access allow localnet users
Received on Thu Dec 03 2009 - 15:47:31 MST

This archive was generated by hypermail 2.2.0 : Fri Dec 04 2009 - 12:00:01 MST