Thanks, Adam,
The problem with external_acls is that I also use NTLM auth, and
external_acl is good if I have just one auth scheme. My squid firt
authenticate by NTLM and if the browser does not accepts NTLM (everything
else but IE), it authenticates with BASIC by LDAP.
For the group I can easly make a filter to ldap_auth to return just
users for a specific group. I already have this filter here...
Thanks...
Alex C. B. Antão
Analista de Sistemas e Suporte
ICQ: 5144629http://motoviagens.pagina.de
http://e-modelismo.pagina.de
Um "bom" pouso é aquele do qual você sai caminhando. Um "ótimo" pouso é
aquele depois do qual você pode usar o avião novamente.
-------Mensagem original-------
De: Adam Aube
Data: terça-feira, 08 de julho de 2003 09:31:05
Para: squid-users@squid-cache.org
Assunto: RE: [squid-users] --> Simple question about authentication
> If I change the FULANOS acl to
> acl FULANOS proxy_auth REQUIRED
> What will gonna happen ? Squid will allow access to anyone it can
> authenticate by LDAP ? regardless of my user list on SQUID?
Correct. REQUIRED will match any user Squid can successfully authenticate.
There is an external_acl LDAP group helper - you could use that to verify
that
your LDAP users are members of a specific group, and base authentication on
that.
I've never used the group helpers, so I can't give you any configuration
info, but
you should be able to find it easily on the list archive (search for "LDAP
auth").
Adam
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.237 / Virus Database: 115 - Release Date: 3/7/2001
.
Received on Tue Jul 08 2003 - 06:42:40 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:53 MST