Search squid archive

Re: squid with ldap authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Here we go




Squid Authentication over LDAP (ADS 2003)


Software:
1.	Squid Cache: Version 2.5.STABLE1
Compiled with --enable-basic-auth-helpers=LDAP
2.	squid_ldap_auth (this program most of the time get installed with
installation of squid)
3.	An installed windows 2003 LDAP server



In order to get the LDAP authentication we need to have at least the
read privileges of a user to read the stuff from the LDAP server.  It
is also very required to know the search filter for the LDAP server.
In order to get the LDAP authentication functioning, one need to
update auth_param  parameter of /etc/squid/squid.conf file.

/etc/squid/squid.conf
------------------------------------------------------------------------------------------------------
auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b
"DC=xyz,DC=co,DC=in" -D "cn=binduserid,cn=users,dc=xyz,dc=co,dc=in" -w
"password"  -f "(&(|(objectCategory=group)(objectCategory=person))(&(sAMAccountName=%s)))"
-h 192.168.x.x
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours



1. 192.168.x.x is the ip of LDAP server and
2. "(&(|(objectCategory=group)(objectCategory=person))(&(sAMAccountName=%s)))"
 is search filter

Incase of any peer server one may use cache_peer  parameter to do the
forwarding. For e.g. If the main proxy is proxy.xyz.co.in than
cache_peer would be

cache_peer proxy.xyz.co.in    parent    80  3130 proxy-only





On 5/8/06, Om <omprakash@xxxxxxxxxxxx> wrote:
Hi Vaibhav,
Thanks for your mail.
If you have configured squid with LDAP authentication,
can you provide me any resources for that.

Thanks,
Omprakash,
Effigent India Pvt Ltd,
Hyderabad.
VAIBHAV NALDURGKAR wrote:
> Hi,
>
> After configuring squid with LDAP support it always pop up the user
> name and  pssword window for authentication but if you configured
> squid with NTLM support the authentication will be transparent to the
> users.
>
>
> Regards,
>
>
> Vaibhav
>
> On 5/2/06, Om <omprakash@xxxxxxxxxxxx> wrote:
>> Hi Friends,
>> Currently i am using ip address based acls to provide internet access to
>> the users in my company.
>> Recently we have installed LDAP-V 3.
>> Now I would like to provide internet access based on the LDAP-
>> authentication.
>> Can anybody suggest me how to go about it.
>>
>> Thanks,
>> Om.
>>
>
>




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux