Am 12-04-2016 10:58, schrieb Amos Jeffries:
On 12/04/2016 8:36 p.m., Thomas Elsäßer wrote:
Dear all,
I call from Shell:
/usr/local/squid/libexec/ext_ldap_group_acl -d -R -b
"OU=UMW,DC=a,DC=b,DC=de" -D "xxxx...@a.b.de" -w "XXXXXXX" \
-f
"(&(objectClass=person)(sAMAccountName=%v)(MemberOf=CN=%g,OU=DomLokaleGruppen,OU=Gruppen,OU=Benutzer,OU=Min-PRD,OU=XXX,DC=a,DC=b,DC=de))"
-h dc.a.b.de
<snip>
And i trace the helper process, i can see that squid replace the %v
with
usern...@a.b.de
So the helper give an ERR return to squid.
Where can i this configure , that passed variable is only the username
?
That is the user name/label as provided to Squid by the auth helper. It
depends on whether the particular auth helper(s) you are using allow
the
credentials domain to be cropped away.
Since it is using "@" symbol look at the Negotiate auth helper options.
Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
yes - sorry for the stupid questions - the minus r option is that what i
need. thanks again!!!
auth_param negotiate program
/usr/local/squid/libexec/negotiate_kerberos_auth -d -r -s HTTP/...
Best wishes
Thomas
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
