
Re: [squid-users] squid_ldap_group user authorization


 



Yes, I tried a search filter with ldapsearch. (ldapsearch -h ldapsrv1 -D "uid=jkamdar,o=mitre.org" -b "o=mitre.org" cn="Kamdar,Jayesh H.")

Now, before I get into details about syntax with squid ... I am confused about
- squid_ldap_match
- squid_ldap_auth
- squid_ldap_group


I do have binaries for squid_ldap_match and squid_ldap_auth, but I can only find a man page on the net for squid_ldap_group. It looks like I need to use squid_ldap_group for what I need to do. Where can I find it?

Please let me know. Sorry for asking some basic questions, but I am new to all this and really confused.

Thanks for your help,
Jayesh

Ytzhak Levy wrote:

Did you test this filter and your credentials with ldapsearch?
This is the first step.

Then test squid_auth_auth from a terminal. I don't know if squid_ldap_auth has a debug mode as squid_ldap_group does.

squid_auth_ldap didn't work at my site, but I built a Perl script that does (basically) the same thing:

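#!/usr/bin/perl
use strict;
use warnings;

$| = 1;    # unbuffered output: Squid reads one reply per request line
while (<>) {
       # each request line from Squid is "username password"
       my ($user, $passwd) = split;
       # a missing password must never reach the directory as an empty bind
       if (!defined $passwd) { print "ERR\n"; next; }
       # list-form pipe open runs ldapsearch without a shell, so shell
       # metacharacters in the credentials stay plain arguments
       open(my $ldap, '-|', 'ldapsearch', '-h', 'SERVR_IP', '-b', 'BASE_SEARCH',
            '-D', "AD_domain\\$user", '-w', $passwd, "(sAMAccountName=$user)")
           or do { print "ERR\n"; next; };
       1 while <$ldap>;    # discard the search output
       close($ldap);       # sets $? to the exit status of ldapsearch
       if ($? == 0) { print "OK\n"; }
       else { print "ERR\n"; }
}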

This works well in Active Directory.

Replace the filter with the attributes that you want to find.


cheers




Please tell me your syntax that you use in your conf. file.

Here is what I have ...

auth_param basic program /usr/lib/squid/squid_ldap_auth -h ldapsrv1.mitre.org -b "o=mitre.org" -D "ou=people,o=mitre.org" -f "(&(CN=%s)(memberOf=CN=osis_proxyauth_lg))"

So when I tried to use this proxy, the dialog box pops up. I type in username and password but it fails with an error in squid.log ...
1111177616.481 12 india.mitre.org TCP_DENIED/407 1742 POST http://shttp.msg.yahoo.com/notify/ jkamdar NONE/- text/html


It doesn't even try to access my LDAP server, so something is wrong in my config.

Can you please help me out?

Thanks,
Jayesh

Ytzhak Levy wrote:



Thanks !!!

All works fine now.

The only thing that I had to do was to put AD_domain\\lookup in the login name param.


Cheers







On Sat, 19 Mar 2005, Ytzhak Levy wrote:





#dn of group: CN=CGI - Rede,OU=Global,OU=Grupos,DC=mydomain,DC=com
acl REDE_GRP external ldap_group CGI\ -\ Rede




This does not work.

Currently the only way to define acl elements with spaces in them is to use an acl file.

acl REDE_GRP external ldap_group "/path/to/group.txt"

where /path/to/group.txt contains
CGI - Rede

Regards
Henrik
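
A helper like the Perl script quoted earlier in this message places the client-supplied user name in a bind DN and an LDAP search filter. The following is an added example in Python, not code from the thread or from Squid: it validates each request line, escapes the filter value per RFC 4515 and builds an argument vector that never passes through a shell. The function names are hypothetical, SERVR_IP, BASE_SEARCH and AD_domain are the thread's placeholders, and it assumes Squid hands the helper both fields URL-escaped.

```python
import subprocess
import sys
from urllib.parse import unquote

# Placeholders from the thread's script; set them for your own directory.
LDAP_HOST, BASE_DN, AD_DOMAIN = "SERVR_IP", "BASE_SEARCH", "AD_domain"

# RFC 4515: characters that must be escaped inside a search filter value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter(value):
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)

def parse_request(line):
    """Return (user, password) for one helper request line, or None to refuse it."""
    fields = line.rstrip("\r\n").split(" ")
    if len(fields) != 2:
        return None
    user, passwd = (unquote(f) for f in fields)  # assumed: fields arrive URL-escaped
    # An empty password can turn a simple bind into an unauthenticated one, and a
    # backslash in the user name would let the client choose another domain prefix.
    if not user or not passwd or "\\" in user:
        return None
    if any(ord(c) < 32 for c in user + passwd):
        return None
    return user, passwd

def build_argv(user, passwd):
    # A list of arguments, executed without a shell; only the filter needs escaping.
    return ["ldapsearch", "-h", LDAP_HOST, "-b", BASE_DN,
            "-D", f"{AD_DOMAIN}\\{user}", "-w", passwd,
            f"(sAMAccountName={escape_filter(user)})"]

def answer(line, run=subprocess.run):
    """Map one request line to the reply Squid expects: OK or ERR."""
    creds = parse_request(line)
    if creds is None:
        return "ERR"
    try:
        result = run(build_argv(*creds), stdout=subprocess.DEVNULL,
                     stderr=subprocess.DEVNULL, timeout=10)
    except (OSError, subprocess.SubprocessError):
        return "ERR"  # fail closed if ldapsearch is missing or hangs
    return "OK" if result.returncode == 0 else "ERR"

if __name__ == "__main__":
    for line in sys.stdin:
        print(answer(line), flush=True)
```

The password still reaches ldapsearch through -w and is therefore visible in the process list while the search runs; OpenLDAP's ldapsearch can read it from a file with -y instead.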












