Hi,

I have installed Squid-2.5.STABLE2 on a RedHat Advanced Server.
Until now we authenticated our users via LDAP with squid_ldap_auth. It worked fine as long as we were interrogating only one branch of our LDAP tree.


Here is our LDAP configuration:

                 ou=Entity1, ou=public
               /
c=fr, o=cnamts, - ou=Entity2, ou=public
               \
                 ou=Entity3, ou=public

What is more, for each branch there are several user groups used to handle different internet access rights (GR-I-EntityX-LevelY) through squid_ldap_group.

I thought I read squid_ldap_auth could only cope with one LDAP branch. Is that correct, or is it possible to work with several branches?
If squid_ldap_auth can't, do you know any other means to handle this case?


Thanks

Louis


Here is a part of my squid.conf, which currently manages 1 LDAP branch:
-------------
auth_param basic program /usr/lib/squid/squid_ldap_auth -u uid -b ou=public,ou=Entity,o=cnamts,c=fr -h @_IP_LDAP -p 389
auth_param basic children 10


external_acl_type ldapgroup %LOGIN /usr/lib/squid/squid_ldap_group -b "ou=public,ou=Entity,o=cnamts,c=fr" -f "(&(cn=%a)(uniquemember=uid=%v,*)(objectclass=groupOfUniqueNames))" -h @_IP_LDAP -p 389

acl group_Internet external ldapgroup GR-I-Entity-Level1
acl group_Internet_all external ldapgroup GR-I-Entity-Level2

http_access allow group_Internet sitesLoc
http_access allow group_Internet_All sitesNat
--------------



