Search squid archive

Re: [squid-users] Configuring authentication with ldap_auth and two domains?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



D & E Radel schrieb:
Matthias Dettling" wrote:

grolschie wrote:

Repost, as the first never came through at my

end.

Sorry if it's a dupe.

---
Hi y'all.

I have searched through the docs, and cannot

find

alot on ldap_auth. I use Squid + LDAP instead

of

SMB to authenticate against our 2003 Server.

The

problem is that we have two domains that I

wish to

authenticate against. Is it possible to do

this

with Squid and LDAP?

Here is my current method:

##################
auth_param basic program
/usr/lib/squid/ldap_auth -R -b
"dc=my,dc=domain,dc=org" -D


"cn=Administrator,cn=Users,dc=my,dc=domain,dc=org"

-w "mypassword" -f sAMAccountName=%s -h
192.168.1.1

auth_param basic children 5
auth_param basic realm Our Proxy
auth_param basic credentialsttl 5 hours

acl localnet proxy_auth REQUIRED src
192.168.1.0/24  192.168.100.0/24

http_access allow localnet
http_access allow localhost
http_access deny all
###################

Is it possible to add another sub-domain into

this

equation to authenticate against? Our two

domains

are on the two networks listed above in

localnet

ACL, although our sub-domains DC has an IP

address

on both networks. I am not sure how to specify

two

domains and two domain controller IP's in the
above.

Sorry if this is a n00b question. I am kinda

stuck

and you seem to know alot about this field.

And

tips, greatly received. Thanks in advance.

regards,
grolschie




Hello grolschie,

there are sure better solutions, but my one

works too.

Instead of writing
"auth_param basic program

/usr/lib/squid/ldap_auth ..."

you can use a shell script like that
auth_param basic program /shell/script.

The only thing your script should do is write

out "OK" or "ERR" to

stdout dependant on the result of your

evaluation with

/usr/lib/squid/ldap_auth.
Tutorials on writing shell scripts can be found

much on the net.

I hope this helps.

Regards
Matthias


Thanks for that I will have a google for shell
script writing tutorials. How are variables like
%s etc passed through/from to the shell script
though? Or does that not need to happen?

regards,
D.Radel (aka grolschie)

P.S. I am told that my post was received by the
group 4 times. Sorry about that. Must've been a
gmail glitch is only the last email arrived in my
inbox via the list - using my ISPs account.


Hello grolschie,

as I know %s isn't a variable that is passed to /usr/lib/squid/ldap_auth, instead it is a variable from that program, which tells it, that %s must be replaced with the username.
By the way parameters of a shell script can be found in $1, $2, ...


The name, password pair is passed to the script by the auth_param basic program command. What you have to do is reading from stdin and pass it to all of your /usr/lib/squid/ldap_auth commands in the script and then evaluate the result.

Reading from stdin, can be done by something like this:
--------------------
#!/bin/sh

# reading stdin
INP=`cat`

# pass stdin to /usr/lib/squid/ldap_auth
DOM1=`echo $INP | /usr/lib/squid/ldap_auth ...`
DOM2=`echo $INP | /usr/lib/squid/ldap_auth ...`
...
--------------------

Now the only thing you have to do is evaluate DOM1, DOM2, ... if one of it equals to "OK". And depending on this execute echo "OK" or echo "ERR".

I hope this helps.

Regards
Matthias

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux