Search squid archive

Re: [squid-users] Regarding Squid+Ldap

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi.

Sorry, but I am not familiar with OpenLDAP. I have only gotten this to work with Server 2003 Active Directory.
Maybe someone else reading this can help. I am not sure what you will need for the "-f" parameter. Try this for some examples though:
http://www.die.net/doc/linux/man/man8/squid_ldap_auth.8.html


I have read of people doing it this way:
   authenticate_program /usr/local/squid/bin/ldap_auth
   authenticate_options ldap.yourdomain.com 389 dc=yourdomain,dc=com uid
   authenticate_children 2

The commandline is the easiest way to debug this. To save re-typing complex stuff to the commandline, put it in a script such as this:

   while read INP; do

# Use username and password to authenticate against TEMP1
TEMP1=`echo $INP | /usr/lib/squid/ldap_auth -R -b "dc=mydomain,dc=com" -D
"cn=Administrator,cn=Users,dc=mydomain,dc=com" -w "mypassword"
-f sAMAccountName=%s -h 192.168.1.1`


       # If username and password is correct, output "OK"
       if [ "$TEMP1" == "OK" ]; then
           echo "OK"
       else
           echo "ERR"
       fi
   done

Then go: echo "username password" | ./scriptname.sh

Modify the script and re-run until you get it working. Saves alot of typing errors on the commandline. Probably not the most elegant way of writing the script, but it works for me. :-)

regards
Dietrich


----- Original Message ----- From: "selvam E" <selvame@xxxxxxxxxxxxxxxxx>
To: <squid-users@xxxxxxxxxxxxxxx>
Cc: "D & E Radel" <radel@xxxxxxxxxxx>
Sent: Wednesday, May 25, 2005 11:13 PM
Subject: Re: [squid-users] Regarding Squid+Ldap



Hi,

Thank u for your reply.

But I am using Openldap for authentication. I do not have Sam account in Openldap. So I am entred command line line like this,
auth_param basic program /usr/lib/squid/squid_ldap_auth
-b "dc=quest,dc=com"
-D "cn=Manager,*cn=User*,dc=quest,dc=com" #### for cn=User what i have to enter
-w "my_password_here"
-f sAMAccountName=%s ### for openldap what i have to enter here
-h 192.168.1.1
Note: I think cn=User is a OU. In my openldap I have created Peple. In that I entered all my users attributes.


Thanking your.

Regards,

Selvam E.

D & E Radel wrote:

Hi

You should probably comment out multiple attempts to authenticate. In your second attempt you have spelt "quest" as "qust". You also haven't specified an OU for the user "Manager", or a -f parameter.

Try debugging at the commandline. eg:
   echo "username password" | /usr/lib/squid/squid_ldap_auth -b.......

You should get either a "OK" or an "ERR". Anything else, then you need to check your syntax and parameters.

In your squid.conf, all on the same line it should read something like this:

   auth_param basic program /usr/lib/squid/squid_ldap_auth
         -b "dc=quest,dc=com"
         -D "cn=Manager,cn=Users,dc=quest,dc=com"
         -w "my_password_here"
         -f sAMAccountName=%s
         -h 192.168.1.1

This page gave me alot of help:

http://kb.papercutsoftware.com/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory

One thing that causes problems is if the password of the administrator (in your case, the user called "Manager") has non-alphanumeric characters. In my case, my problem was that the administrator password had an "!" in it, and I had to use an "\" before the "!", i.e. "\!".

Regards,
Dietrich

----- Original Message ----- From: "selvam" <selvame@xxxxxxxxxxxxxxxxx>
To: <squid-users@xxxxxxxxxxxxxxx>
Cc: <hno@xxxxxxxxxxxxxxx>
Sent: Wednesday, May 25, 2005 8:25 PM
Subject: [squid-users] Regarding Squid+Ldap


Hi,

I am configure squid.conf with following setting for ldap authentication.

auth_param basic program /usr/lib/squid/squid_ldap_auth -b
"dc=quest,dc=com" -D 'cn=Manager,dc=quest,dc=com' -w z -h 192.168.1.1
#auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/password
auth_param basic program /usr/lib/squid/squid_ldap_auth -b "dc=qust,dc=com" -w "z" -h 192.168.1.1


But i am unbable to authenticate thr ldap
please help me
I am already posted this query to squid-users but no reply or solution

Hendrik please help me to solve this problem


Thanking you.

Regards,

Selvam E.






[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux