On Sat, 23 Oct 2004, Eric.chen wrote:
auth_param basic program /usr/lib/squid/squid_ldap_auth -b "dc=xyz,dc=local" - D "CN=ldapgroup,CN=USERS,DC=xyz,DC=local" -w "123456" -f "(&(sAMAccountName=%s)(objectClass=Person))" 192.168.0.1
external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group - b "dc=xyz,dc=local" -D "CN=ldapgroup,CN=TEMP,DC=xyz,DC=local" -w "123456" -f "(&(CN=%g)(member=% u))" -F "sAMAccountName=%s" 192.168.0.1
For completeness the -F argument to squid_ldap_group should match the -f argument to squid_ldap_auth..
acl ulocal proxy_auth REQUIRED
You don't need this acl if you are using groups..
acl uldap_group external ldap_group internet http_access allow uldap_group
Looks fine to me.
What does the other http_access rules look like?
Regards Henrik
