Repost, as the first never came through at my end. Sorry if it's a dupe.
---
Hi y'all.
I have searched through the docs, and cannot find a lot on ldap_auth. I use Squid + LDAP instead of SMB to authenticate against our 2003 Server. The problem is that we have two domains that I wish to authenticate against. Is it possible to do this with Squid and LDAP?
Here is my current method:
##################
auth_param basic program /usr/lib/squid/ldap_auth -R -b "dc=my,dc=domain,dc=org" -D "cn=Administrator,cn=Users,dc=my,dc=domain,dc=org" -w "mypassword" -f sAMAccountName=%s -h 192.168.1.1
auth_param basic children 5
auth_param basic realm Our Proxy
auth_param basic credentialsttl 5 hours

acl localnet proxy_auth REQUIRED src 192.168.1.0/24 192.168.100.0/24

http_access allow localnet
http_access allow localhost
http_access deny all
###################
Is it possible to add another sub-domain into this equation to authenticate against? Our two domains are on the two networks listed above in the localnet ACL, although our sub-domain's DC has an IP address on both networks. I am not sure how to specify two domains and two domain controller IPs in the above.
Sorry if this is a n00b question. I am kinda stuck and you seem to know a lot about this field. Any tips, greatly received. Thanks in advance.
regards, grolschie
Hello grolschie,
There are surely better solutions, but mine works too. Instead of writing "auth_param basic program /usr/lib/squid/ldap_auth ..." you can use a shell script, like this:
auth_param basic program /shell/script
The only thing your script should do is write out "OK" or "ERR" to stdout, depending on the result of your evaluation with /usr/lib/squid/ldap_auth.
Many tutorials on writing shell scripts can be found on the net.
I hope this helps.
Regards Matthias
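
A sketch of the wrapper script described in the reply above, as an added example that is not part of the original thread. The sub-domain base DN and bind DN, the second controller address 192.168.100.1, the secret-file paths and the `serve` argument are assumptions made for illustration; `-W` (bind password read from a file) is the squid_ldap_auth option and is used here in place of `-w "mypassword"`.

```shell
#!/bin/sh
# Added example, not from the thread: Squid basic-auth helper for two domains.
# Squid writes one "username password" line per request to stdin and expects
# one "OK" or "ERR" line back on stdout.
# Assumed placeholders: sub-domain DNs, 192.168.100.1, secret-file paths.
LDAP_AUTH="${LDAP_AUTH:-/usr/lib/squid/ldap_auth}"

# -W keeps the bind password out of squid.conf and the process list.
backend_parent() {
    printf '%s\n' "$1" | "$LDAP_AUTH" -R -b "dc=my,dc=domain,dc=org" \
        -D "cn=Administrator,cn=Users,dc=my,dc=domain,dc=org" \
        -W /etc/squid/parent.secret -f "sAMAccountName=%s" -h 192.168.1.1
}
backend_child() {
    printf '%s\n' "$1" | "$LDAP_AUTH" -R -b "dc=sub,dc=my,dc=domain,dc=org" \
        -D "cn=Administrator,cn=Users,dc=sub,dc=my,dc=domain,dc=org" \
        -W /etc/squid/child.secret -f "sAMAccountName=%s" -h 192.168.100.1
}

# Print OK if either domain accepts the credentials, otherwise ERR.
check_line() {
    case "$1" in
        # An empty password would be an LDAP unauthenticated bind, which
        # many servers accept, so reject it before asking any backend.
        " "*|*" ") echo ERR; return 0 ;;
        *" "*) ;;                        # looks like "user password"
        *) echo ERR; return 0 ;;         # no password field at all
    esac
    for backend in backend_parent backend_child; do
        # A crashed or missing helper counts as ERR, never as OK.
        reply=$("$backend" "$1" 2>/dev/null) || reply=ERR
        case "$reply" in
            OK*) echo OK; return 0 ;;
        esac
    done
    echo ERR
}

# squid.conf: auth_param basic program /shell/script serve
if [ "${1:-}" = "serve" ]; then
    while IFS= read -r line; do
        check_line "$line"
    done
fi
```

If the same sAMAccountName exists in both domains, either account's password is accepted under that name, and a wrong password counts as a failed bind in both domains toward any lockout policy.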