Matthias Dettling" wrote: > grolschie wrote: > > Repost, as the first never came through at my end. > > Sorry if it's a dupe. > > > > --- > > Hi y'all. > > > > I have searched through the docs, and cannot find > > alot on ldap_auth. I use Squid + LDAP instead of > > SMB to authenticate against our 2003 Server. The > > problem is that we have two domains that I wish to > > authenticate against. Is it possible to do this > > with Squid and LDAP? > > > > Here is my current method: > > > > ################## > > auth_param basic program > > /usr/lib/squid/ldap_auth -R -b > > "dc=my,dc=domain,dc=org" -D > > "cn=Administrator,cn=Users,dc=my,dc=domain,dc=org" > > -w "mypassword" -f sAMAccountName=%s -h > > 192.168.1.1 > > > > auth_param basic children 5 > > auth_param basic realm Our Proxy > > auth_param basic credentialsttl 5 hours > > > > acl localnet proxy_auth REQUIRED src > > 192.168.1.0/24 192.168.100.0/24 > > > > http_access allow localnet > > http_access allow localhost > > http_access deny all > > ################### > > > > Is it possible to add another sub-domain into this > > equation to authenticate against? Our two domains > > are on the two networks listed above in localnet > > ACL, although our sub-domains DC has an IP address > > on both networks. I am not sure how to specify two > > domains and two domain controller IP's in the > > above. > > > > Sorry if this is a n00b question. I am kinda stuck > > and you seem to know alot about this field. And > > tips, greatly received. Thanks in advance. > > > > regards, > > grolschie > > > > > > > Hello grolschie, > > there are sure better solutions, but my one works too. > Instead of writing > "auth_param basic program /usr/lib/squid/ldap_auth ..." > you can use a shell script like that > auth_param basic program /shell/script. > > The only thing your script should do is write out "OK" or "ERR" to > stdout dependant on the result of your evaluation with > /usr/lib/squid/ldap_auth. > Tutorials on writing shell scripts can be found much on the net. > > I hope this helps. > > Regards > Matthias Thanks for that I will have a google for shell script writing tutorials. How are variables like %s etc passed through/from to the shell script though? Or does that not need to happen? regards, D.Radel (aka grolschie) P.S. I am told that my post was received by the group 4 times. Sorry about that. Must've been a gmail glitch is only the last email arrived in my inbox via the list - using my ISPs account.
