[squid-users] SSO (ldap kerberos)

erdosain9 erdosain9 at gmail.com
Tue Sep 13 15:34:36 UTC 2016


Hi.
Thanks.
With "take" a mean... to control which group a user belongs. So I can apply
acl, etc to that groups.

Like this in ldap

# Active Directory
auth_param basic program /usr/lib64/squid/basic_ldap_auth -R -b
"cn=Users,dc=example,dc=lan" -D squid at example.lan -w 123456  -f
sAMAccountName=%s -v 3 -s sub -h 192.168.1.109
auth_param basic children 10
auth_param basic realm SQUID
auth_param basic credentialsttl 2 hour

external_acl_type grupos ttl=360 %LOGIN /usr/lib64/squid/ext_ldap_group_acl
-d -R -b "dc=example,dc=lan" -D squid at example.lan -w 123456 -f
"(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=grupos,dc=example,dc=lan))"
-h 192.168.1.109


acl ifull  external grupos ifull
acl icontrol external grupos icontrol

But, in this way the web browser ask for user... and i want automatically
take the user that is logging on PC. 



--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/SSO-ldap-kerberos-tp4679470p4679484.html
Sent from the Squid - Users mailing list archive at Nabble.com.


More information about the squid-users mailing list