SquidGuard ldap user acl
-
Dear Members,
Greetings of New Year,
I am using pfSense 2.4.4-RELEASE-p3 as firewall and proxy server and Zentyal 6 as my Active Directory.
I have successfully integrated Squid with my Active Directory (Linux AD, i.e. Zentyal 6) using LDAP authentication. Below are the configuration parameters.
Authentication Method : LDAP
Authentication Server : 192.168.3.1
Authentication server port : 389
LDAP Version : 2
LDAP Server User DN : CN=Administrator,CN=Users,DC=pe,DC=com
LDAP Base Domain : DC=pe,DC=com
LDAP Username DN Attribute : sAMAccountName
LDAP Search Filter : (sAMAccountName=%s)
I can successfully authenticate the users with the above settings.
Apart from that, I want group-based ACLs in SquidGuard with the following settings.
On main page
Enable Ldap Filter = Checked
Ldap DN = cn=squid,dc=pe,dc=com
LDAP DN Password = password of user squid
Strip NT domain name = Checked
Strip Kerberos Realm = Checked
LDAP Version = 2
In the Group filter I have created an HOD group and am using ldapusersearch as follows.
ldapusersearch ldap://192.168.3.1:3268/DC=pe,DC=com?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=CN=HOD%2cOU=HOD%2cDC=pe%2cDC=com))
Which means if an authenticated user is the member of HOD in AD then it will use the HOD group filter in SquidGuard. (Please correct me if I am wrong here.)
But my HOD users' requests are still going through the Common ACL.
Please suggest what is wrong in my configuration.
-
I would certainly expect that to work, or that approach at least, as long as that user really is in that group and LDAP is returning it.
Check the logs.
Steve
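To compare the ldapusersearch line from the question against what the directory actually holds, it helps to decompose the URL into the search it describes. The following is an added example, not part of the thread and not SquidGuard's own code: the helper names, the sample logins and the modelled behaviour of the two "Strip" options are assumptions.

```python
from urllib.parse import unquote

# URL copied from the post; everything else here is a constructed illustration.
HOD_URL = ("ldap://192.168.3.1:3268/DC=pe,DC=com?sAMAccountName?sub?"
           "(&(sAMAccountName=%s)(memberOf=CN=HOD%2cOU=HOD%2cDC=pe%2cDC=com))")

def parse_ldap_url(url):
    """Split an RFC 4516 LDAP URL into host, port, base DN, attrs, scope, filter."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    hostport, _, tail = rest.partition("/")
    host, _, port = hostport.partition(":")    # IPv6 literals are not handled
    fields = (tail.split("?") + [""] * 4)[:4]  # dn ? attributes ? scope ? filter
    dn, attrs, scope, flt = (unquote(f) for f in fields)  # %2c -> "," ; "%s" is kept
    return {"host": host,
            "port": int(port) if port else (636 if scheme.lower() == "ldaps" else 389),
            "base_dn": dn,
            "attributes": [a for a in attrs.split(",") if a],
            "scope": scope or "base",
            "filter": flt or "(objectClass=*)"}

def strip_login(login):
    """Assumed effect of the two 'Strip' options: DOMAIN\\user and user@REALM -> user."""
    return login.rsplit("\\", 1)[-1].split("@", 1)[0]

def escape_filter_value(value):
    """RFC 4515 escaping so a login cannot alter the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def query_for(url, login):
    """Return the search this URL describes for one login (hypothetical helper)."""
    q = parse_ldap_url(url)
    q["filter"] = q["filter"].replace("%s", escape_filter_value(strip_login(login)))
    return q

if __name__ == "__main__":
    for key, value in query_for(HOD_URL, "PE\\jdoe").items():  # constructed login
        print("%-10s %s" % (key, value))
```

The decoded filter only matches an entry whose memberOf attribute holds that exact group DN, so the DN in the URL has to be the one the directory stores for the HOD group.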