RE: [squid-users] External ACL - LDAP Authentication
On 2008-04-24 20:18 Matias Chris wrote > Hi there, this might be seen as offtopic but is part of our > proxy solution, there is some silly problem Im stuck with... > > I need to authenticate users with LDAP against a group called > "Domain Users" with the space in the middle. Is this possible? > > Im using squid_ldap_group scritp on the command line(for > testing), if I try with a one-word group like "Internet" it > gives me a OK, but if I try with "Domain Users" I allways > receive an ERR even If i send the group between "". Is there > any way to authenticate against a group called with more than > one word? > > >Thanks! Put the group into a file and authenticate using the file as source external_acl_type ldap_group %LOGIN /usr/sbin/squid_ldap_group -v3 -b "ou=Groups,dc=example,dc=com" -f "(&(cn=%g)(memberuid=%u))" localhost acl group_domainAdmins external ldap_group "/etc/squid/groups_domainAdmins" Philip
Re: [squid-users] External ACL - LDAP Authentication
fre 2008-04-25 klockan 13:19 +0200 skrev Mathieu Kretchner: > Is it possible to proxy an imap server with squid ? No, IMAP != HTTP. Some clients MAY be able to abuse the CONNECT method to connect to their IMAP server, but it's not something I would recommend. If you need a general-purpose TCP proxy then look into using a SOCKS proxy in addition to Squid. There is SOCKS proxies included in most Linux distributions today. Regards Henrik
Re: [squid-users] External ACL - LDAP Authentication
Is it possible to proxy an imap server with squid ? Thanks begin:vcard fn:Mathieu Kretchner n:Kretchner;Mathieu org:INRIA;Syslog adr;dom:;;2007 route des lucioles - BP93;Sophia Antipolis;;06902 CEDEX email;internet:[EMAIL PROTECTED] tel;work:04 92 38 76 67 x-mozilla-html:FALSE version:2.1 end:vcard
Re: [squid-users] External ACL - LDAP Authentication
Have you tried using single quotes? Also, try calling squid_ldap_group via Squid itself as this is how it's intended: it may avoid some weirdness. Failing that, just create a new group in AD called squidusers or something, and add the one member, "Domain Users." Here's the relevant bits of my squid.conf though I confess it's a while since I set it up so I'm a bit rusty with it. Works fine though. #TAG: auth_param auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=swarthmore,dc=org,dc=local" -D "cn=LDAP_guest,OU=ADMIN,DC=swarthmore,DC=org,DC=local" -w "" -f sAMAccountName=%s -h 10.4.0.3 auth_param basic children 5 auth_param basic realm "Donkey Centre" auth_param basic credentialsttl 5 minutes #TAG: external_acl_type external_acl_type InetUsersGroup %LOGIN /usr/lib/squid/squid_ldap_group -R -b "dc=swarthmore,dc=org,dc=local" -D "cn=LDAP_guest,OU=ADMIN,DC=swarthmore,DC=org,DC=local" -w "XXX" -f "(&(objectclass=person)(sAMAccountName=% v)(memberof=cn=%a,ou=users,dc=swarthmore,dc=org,dc=local))" -h 10.4.0.2 #TAG: acl acl localnet proxy_auth REQUIRED src 10.0.0.0/8 acl InetAccess external InetUsersGroup SquidUsers # TAG: http_access http_access allow InetAccess Try http://wiki.debian.org/DebianEdu/HowTo/Squid_LDAP_Authentication or http://linux.die.net/man/8/squid_ldap_group for more information about Squid and LDAP. Callum. On Thu, 2008-04-24 at 15:18 -0300, Matias Chris wrote: > Hi there, this might be seen as offtopic but is part of our proxy > solution, there is some silly problem Im stuck with... > > I need to authenticate users with LDAP against a group called "Domain > Users" with the space in the middle. Is this possible? > > Im using squid_ldap_group scritp on the command line(for testing), if > I try with a one-word group like "Internet" it gives me a OK, but if I > try with "Domain Users" I allways receive an ERR even If i send the > group between "". Is there any way to authenticate against a group > called with more than one word? > > >Thanks!
[squid-users] External ACL - LDAP Authentication
Hi there, this might be seen as offtopic but is part of our proxy solution, there is some silly problem Im stuck with... I need to authenticate users with LDAP against a group called "Domain Users" with the space in the middle. Is this possible? Im using squid_ldap_group scritp on the command line(for testing), if I try with a one-word group like "Internet" it gives me a OK, but if I try with "Domain Users" I allways receive an ERR even If i send the group between "". Is there any way to authenticate against a group called with more than one word? >Thanks!