Ok..sure....
I`d like to use the ediretory LDAP to auth users being member of a specific group which allows them to access the internet via squid-Server.
now i allready found that this might be the "auth_param basic program /usr/lib64/squid/basic_ldap_auth" which already asks for username an password but it does not give me any access to the internet never the less what group i am in or not....
I think its about the wrong
Code:
# /usr/lib64/squid/basic_ldap_auth -d -b "cn=ldap,o=xxxx" -w xxxxx -b o=xxxx -s sub -f "(&(objectclass=User)(cn=%s)(groupMembership=%g))" -h ldaps://1xxx -p 636
ldap ldap
basic_ldap_auth.cc(685): pid=11111 :user filter '(&(objectclass=User)(cn=ldap)(groupMembership=6.95281e-310))', searchbase 'o=xxx'
basic_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server'
ERR Success
ERR Missing username
ldapsearch works, and i can see that the ldap-server is responding....
found digest_edirectory_auth working on that....
that looks good, but does not work.
I used:
Quote:
/usr/lib64/squid/digest_edirectory_auth -A password -v 3 -D "cn=ldap,o=xxx" -b "o=kxxx" -w xxxx -b o=xxxxx -s sub -F "(&(objectclass=User)(cn=%s))" -h xxxxxx
user pw
ER
|
I am not sure if "-A password" is the right field. Any idea ?