[squid-users] Integrate Squid Kerberos auth and Squidguard ldapusersearch into AD
Marcus Kool
marcus.kool at urlfilterdb.com
Wed Apr 15 16:08:17 UTC 2015
On 04/15/2015 11:38 AM, tchristin wrote:
> Hi all,
>
> I'm having trouble with Squid Kerberos auth and the Squidguard
> ldapusersearch that I use to apply ACLs by Active Directory groups
> membership.
>
> The problem is :
>
> - Squid and Squidguard see my user as : 'user at domain.local' so the '%s'
> variable of squidguard is 'user at domain.local'.
> - In my ldap query there is no default property that can interpret this
> string.
>
> So I would like to strip/hide the realm of the username to let the LDAP
> query work with the sAMAccountName attribute.
>
> How can I proceed to have %s = user and not %s = user at domain.local ?
If you replace squidGuard by ufdbGuard, ufdbGuard does it for you if you set the option
strip-domain-from-username on
Note that ufdbGuard is not 100% compatible with squidGuard and you need to read section 9.3
of the Reference Manual of ufdbGuard to configure ufdbGuard correctly.
Marcus
> I precise that the UPN is equal to the mail adress so it's not usable.
>
> I'm using version 3.1.20 of Squid Cache and version 1.5 (debian package of
> squidGuard).
>
> Thanks for your help !
More information about the squid-users
mailing list