[squid-users] SSO (ldap kerberos)
erdosain9
erdosain9 at gmail.com
Tue Sep 13 15:34:36 UTC 2016
Hi.
Thanks.
With "take" a mean... to control which group a user belongs. So I can apply
acl, etc to that groups.
Like this in ldap
# Active Directory
auth_param basic program /usr/lib64/squid/basic_ldap_auth -R -b
"cn=Users,dc=example,dc=lan" -D squid at example.lan -w 123456 -f
sAMAccountName=%s -v 3 -s sub -h 192.168.1.109
auth_param basic children 10
auth_param basic realm SQUID
auth_param basic credentialsttl 2 hour
external_acl_type grupos ttl=360 %LOGIN /usr/lib64/squid/ext_ldap_group_acl
-d -R -b "dc=example,dc=lan" -D squid at example.lan -w 123456 -f
"(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=grupos,dc=example,dc=lan))"
-h 192.168.1.109
acl ifull external grupos ifull
acl icontrol external grupos icontrol
But, in this way the web browser ask for user... and i want automatically
take the user that is logging on PC.
--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/SSO-ldap-kerberos-tp4679470p4679484.html
Sent from the Squid - Users mailing list archive at Nabble.com.
More information about the squid-users
mailing list