Hello Bradley,
I apologize for such a delay in responding to your message. Between work and home, I've been very busy...
As to using the SunONE SDK for interfacing LDAP data between Squid and a SunONE Directory server, I have not deployed such a solution. Here at Komatsu Canada Limited (KCL), I have deployed Squid using the standard Squid LDAP authentication and group helpers to interface with a SunONE Directory Server.
The sanitized relevant fragment of my Squid configuration I use is:
----------------------------------------------------------------------------------------
auth_param basic program /usr/lib/squid/squid_ldap_auth -h LDAP_HOST -p LDAP_PORT -P -b o=Base_OU -f "(|(uid=%s)(mail=%s))"
auth_param basic children 20
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 5 minute
external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -h LDAP_HOST -p LDAP_PORT -P -b o=Base_OU -F "(|(uid=%s)(mail=%s))" -f "(&(cn=%g)(uniquemember=%u)(objectClass=groupOfUniqueNames))"
----------------------------------------------------------------------------------------
I have approximately 700 web proxy users and six transparent web portal applications deployed through the Squid servers here at KCL. I upped the children from the default value to 20. More agents to handle LDAP authentication and group checks. So far, I have seen no performance problems. The Squid servers are dual PIII 1GHz SCSI-160 machines. Although I've learned Squid is not multi-CPU aware. :^(
Still even with using only one of the PIII processors, Squid does not consume too much. The servers are 90% plus idle. Disk transaction is moderate.
Hope this helps...
Tim
-----------------------------------------------------------
Timothy E. Neto
Computer Systems Engineer
Komatsu Canada Limited    Ph#: 905-625-6292 x265
1725B Sismet Road         Fax: 905-625-6348
Mississauga, Canada       E-Mail: tneto@xxxxxxxxxx
L4W 1P9
-----------------------------------------------------------
BRADLEY PENDERGAST wrote:
Hi Tim,
I noticed a post on the squid mailing list where you state that you have compiled squid successfully using the SUN SDK and are authenticating against SUNOne directory Server 5.2.
I am struggling to accomplish this same task and hope that you can assist. Following are my actions to date. I am using Squid2.5 stable7 and have downloaded the LDAP SDK ( dsrk52-SunOS5.8_OPT.zip and dsrk52-SunOS5.8_DBG.zip ) from java.sun.com. I have copied a set of lib and includes from the SDK to /usr/local/lib and /usr/local/include.
I use ./configure --enable-external-acl-helpers="ldap_group" --enable-auth="basic" --enable-basic-auth-helpers="LDAP"
Then run gnu make and get the following errors when the squid_ldap_auth section is encountered.
make[2]: Entering directory `/opt/squid/src/squid-2.5.STABLE7/helpers/basic_auth'
Making all in LDAP
make[3]: Entering directory `/opt/squid/src/squid-2.5.STABLE7/helpers/basic_auth/LDAP'
source='squid_ldap_auth.c' object='squid_ldap_auth.o' libtool=no \
depfile='.deps/squid_ldap_auth.Po' tmpdepfile='.deps/squid_ldap_auth.TPo' \
depmode=none /bin/sh ../../../cfgaux/depcomp \
gcc -DHAVE_CONFIG_H -I. -I. -I../../../include -I../../../include -g -Wall -c `test -f squid_ldap_auth.c || echo './'`squid_ldap_auth.c
squid_ldap_auth.c: In function `open_ldap_connection':
squid_ldap_auth.c:248: `LDAP_OPT_SUCCESS' undeclared (first use in this function)
squid_ldap_auth.c:248: (Each undeclared identifier is reported only once
squid_ldap_auth.c:248: for each function it appears in.)
squid_ldap_auth.c:253: warning: implicit declaration of function `ldap_start_tls_s'
make[3]: *** [squid_ldap_auth.o] Error 1
make[3]: Leaving directory `/opt/squid/src/squid-2.5.STABLE7/helpers/basic_auth/LDAP'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/opt/squid/src/squid-2.5.STABLE7/helpers/basic_auth'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/opt/squid/src/squid-2.5.STABLE7/helpers'
make: *** [all-recursive] Error 1
I e-mailed the squid mailing list and did not receive any useful replies.
Are you able to assist and tell me the iplanet libraries that you used and how you compiled squid?
Many thanks,
Brad Pendergast
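Added example (not part of the original messages, and not Squid's own code): a Python illustration of how the two search-filter templates in Tim's configuration fragment expand for a given login and group, with RFC 4515 escaping applied to every substituted value so that characters such as * ( ) \ in a login or group name are matched literally instead of changing the filter. The function names, the sample DN and the sample group name are assumptions made for illustration.

```python
# Added illustration, not Squid source code. The templates are copied from the
# configuration fragment in the message; everything else is hypothetical.

USER_FILTER = "(|(uid=%s)(mail=%s))"          # -f of squid_ldap_auth, -F of squid_ldap_group
GROUP_FILTER = "(&(cn=%g)(uniquemember=%u)(objectClass=groupOfUniqueNames))"

# RFC 4515: these characters must be hex-escaped inside an assertion value.
_RFC4515 = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape one value so it is treated as literal text inside a filter."""
    return "".join(_RFC4515.get(ch, ch) for ch in value)


def expand(template, values):
    """Replace each %<letter> placeholder with its escaped value."""
    out = []
    i = 0
    while i < len(template):
        if template[i] == "%" and i + 1 < len(template):
            key = template[i + 1]
            if key not in values:
                raise ValueError("unknown placeholder %" + key)
            out.append(escape_filter_value(values[key]))
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)


def user_search_filter(login):
    """Filter used to locate the user's entry from the login typed in the browser."""
    return expand(USER_FILTER, {"s": login})


def group_search_filter(user_dn, group):
    """Filter used to check that user_dn is a uniquemember of the named group."""
    return expand(GROUP_FILTER, {"u": user_dn, "g": group})


if __name__ == "__main__":
    # Constructed sample values.
    print(user_search_filter("jdoe"))
    print(user_search_filter("j*doe"))
    print(group_search_filter("uid=jdoe,ou=People,o=Base_OU", "Web (Staff)"))
```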