[squid-users] LDAP acl groups
Leonardo Bacha Abrantes
leonardo at lbasolutions.com
Wed Jan 25 15:28:41 UTC 2017
Hi guys,
I have an Active Directory running on Windows Server 2008 R2 and Squid
(version 3.5.20 - CentOS 7) authenticating via LDAP (without Kerberos).
The LDAP authentication is working; the trouble is creating ACLs based on
Active Directory groups.
Note: When I run both the basic_ldap_auth and ext_ldap_group_acl commands
manually as the squid user in a console to test, I receive 'OK' as the answer.
--->>> My squid.conf:
auth_param basic program /usr/lib64/squid/basic_ldap_auth -P -R -b ou=Users,ou=city,ou=country,dc=company,dc=local -D CN=bindUser,DC=company,DC=local -W PasswdFile -f sAMAccountName=%s -h 192.168.1.9
auth_param basic children 10
auth_param basic realm XXXXX
auth_param basic credentialsttl 10 minutes
external_acl_type memberof %LOGIN /usr/lib64/squid/ext_ldap_group_acl -P -R -b OU=city,OU=country,DC=company,DC=local -D CN=bindUser,DC=company,DC=local -W PasswdFile -h 192.168.1.9 -f '(&(objectClass=person)(sAMAccountName=%v)(memberOf=CN=%a,OU=Groups,OU=city,OU=country,dc=company,dc=local))'
# Also tried memberOf=CN=%g
acl fullaccess external memberof squid_fullaccess
acl LdapUsers proxy_auth REQUIRED
http_access allow fullaccess LdapUsers
###
When I try to authenticate on the proxy it is still prompting for user/password
and any LDAP query was done in the domain controller looking to check if the user
is a member of the squid_fullaccess group.
Can you give me some help, please?
Many thanks!
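
To have something to compare against the domain controller's logs or an ldapsearch run, the -f template from the squid.conf above can be expanded by hand. The following is an added example, not part of the original post and not Squid's own code: it assumes %v/%u stand for the login and %a/%g for the group, that the helper is fed "login group" lines, and that values are escaped per RFC 4515; the login jdoe is a constructed sample.

```python
import re

# RFC 4515 section 3: characters that must be escaped in a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string so it is taken literally inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template, user, group):
    """Substitute the placeholders of a -f template (mapping is an assumption)."""
    subs = {"v": user, "u": user, "a": group, "g": group}
    return re.sub(r"%([vuag])",
                  lambda m: escape_filter_value(subs[m.group(1)]),
                  template)


def filters_for_request(template, helper_line):
    """Assumed helper input: 'login group [group ...]'. One filter per group."""
    user, *groups = helper_line.split()
    return [expand_filter(template, user, g) for g in groups]


# Filter template copied from the external_acl_type line in the post.
TEMPLATE = ("(&(objectClass=person)(sAMAccountName=%v)"
            "(memberOf=CN=%a,OU=Groups,OU=city,OU=country,dc=company,dc=local))")

if __name__ == "__main__":
    # Constructed request: login "jdoe" checked against the ACL's group name.
    for ldap_filter in filters_for_request(TEMPLATE, "jdoe squid_fullaccess"):
        print(ldap_filter)
    # A login with filter metacharacters stays a literal value after escaping.
    print(expand_filter("(sAMAccountName=%v)", "x*)(y", "unused"))
```

Because %a lands inside a DN here, a group name containing a comma or other DN-special character would also need RFC 4514 escaping, which this sketch does not do.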