[squid-users] LDAP acl groups

Leonardo Bacha Abrantes Wed, 25 Jan 2017 07:29:37 -0800

Hi guys,

I have an active directory running on windows server 2008 r2 and squid
(version 3.5.20 - CentOS 7) authenticating via LDAP (without kerberos).
The ldap authentication is working, the trouble is to create ACLs based on
active directory groups.



OBS: When I run both basic_ldap_auth and ext_ldap_group_acl commands
manually as squid user in console to test, I receive 'OK' as answer.


--->>> My squid.conf:

auth_param basic program /usr/lib64/squid/basic_ldap_auth -P -R -b
ou=Users,ou=city,ou=country,dc=company,dc=local -D
CN=bindUser,DC=company,DC=local -W PasswdFile -f sAMAccountName=%s -h
192.168.1.9
auth_param basic children 10
auth_param basic realm XXXXX
auth_param basic credentialsttl 10 minutes

external_acl_type memberof %LOGIN /usr/lib64/squid/ext_ldap_group_acl -P -R
-b OU=city,OU=country,DC=company,DC=local -D
CN=bindUser,DC=company,DC=local -W PasswdFile -h 192.168.1.9 -f
'(&(objectClass=person)(sAMAccountName=%v)(memberOf=CN=%a,OU=Groups,OU=city,OU=country,dc=company,dc=local))'

#Also tried memberOf=CN=%*g*

acl fullaccess  external memberof squid_fullaccess

acl LdapUsers proxy_auth REQUIRED
http_access allow fullaccess LdapUsers

###

When I try to authenticate on proxy it still prompting for user/password
and any ldap query was done in domain controller looking to check if user
is member of squid_fullaccess group.


Can you give me some help please ?

Many thanks!

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] LDAP acl groups

Reply via email to