[squid-users] Squid Cache: Version 3.5.16 and ext_ldap_group_acl
Thomas Elsäßer
elsaesser at animate.de
Tue Apr 12 10:52:18 UTC 2016
Am 12-04-2016 10:58, schrieb Amos Jeffries:
> On 12/04/2016 8:36 p.m., Thomas Elsäßer wrote:
>> Dear all,
>>
>> I call from Shell:
>>
>> /usr/local/squid/libexec/ext_ldap_group_acl -d -R -b
>> "OU=UMW,DC=a,DC=b,DC=de" -D "XXXXXXX at a.b.DE" -w "XXXXXXX" \
>> -f
>> "(&(objectClass=person)(sAMAccountName=%v)(MemberOf=CN=%g,OU=DomLokaleGruppen,OU=Gruppen,OU=Benutzer,OU=Min-PRD,OU=XXX,DC=a,DC=b,DC=de))"
>> -h dc.a.b.de
>>
> <snip>
>>
>> And i trace the helper process, i can see that squid replace the %v
>> with
>> username at a.b.de
>> So the helper give an ERR return to squid.
>>
>> Where can i this configure , that passed variable is only the username
>> ?
>
> That is the user name/label as provided to Squid by the auth helper. It
> depends on whether the particular auth helper(s) you are using allow
> the
> credentials domain to be cropped away.
>
> Since it is using "@" symbol look at the Negotiate auth helper options.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
yes - sorry for the stupid questions - the minus r option is that what i
need. thanks again!!!
auth_param negotiate program
/usr/local/squid/libexec/negotiate_kerberos_auth -d -r -s HTTP/...
Best wishes
Thomas
More information about the squid-users
mailing list