I have squid running with SquidGuard using Active Directory for LDAP authentication. The problem I am seeing is the use of the AD attribute sAMAccountName for both userName and computerName. I thought I had a fix by adding sAMAccountType to my following squid_ldap_auth helper, but I am still seeing numerous computerNames rather than userNames being logged. The REAL problem is ACL matching, as I never know what I will be receiving from my users and do not wish to include computerName in my userlists. I have tested adding a couple of computerNames to the userlist which resolves blocked access messages for users with specialized access requirements.
Here is my current LDAP helper string:
auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -R -b "dc=base,dc=domain,dc=in,dc=our,dc=AD" -s sub -D "BASE\\user" -W "/squidGuard/filename" -f "(&(&(objectCategory=person)(sAMAccountName=%s)(sAMAccountType=805306368)))" -u sAMAccountName -P -v3 -Hldap://domain.com
I have been searching for a solution to this problem for more than a week, but have been unable to find one that works in my environment.
-Dustyn
Received on Wed May 23 2012 - 19:29:26 MDT
This archive was generated by hypermail 2.2.0 : Thu May 24 2012 - 12:00:04 MDT