
authenticate using ldap to AD for hostnames


 



hi

I have used for many years auth for squid by looking up user/pass and group membership against Active Directory.

I have found that I can place into AD groups, hostnames. The object type of "computers" as AD describes it. Querying the directory with cn=<somehostname> returns the group as does cn=<somegroupname> return that group's members.

I see that I can define an external ACL type and use %SRC, which is the client ip. As the AD group contains hostnames, I'm trying to see if I can write a simple helper that turns %SRC into a hostname and perhaps in turn then calls squid_ldap_group to test the hostname value for membership of a group, finally returning "OK" or "ERR" as required. The end result is that if a certain hostname is in an AD group then I can make acl decisions based on that.

But I'm not quite understanding enough. In particular the filter specification to squid_ldap_group seems only to have the variables %u and %g for username and group name and I don't see how to populate %u in this context.

Is it the case that from

external_acl_type name %SRC /usr/lib/squid/squid_ldap_group ... -f (&(cn=%u)(memberOf=%g)) ...

%u would equal %SRC ?

Any help much appreciated on how to do this, or another method to achieve the same thing.

thanks

rolf.
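
A sketch of the wrapper helper the post describes, added here as an example and not code from the poster or the Squid project: it turns the %SRC address into a host name, forward-confirms it, and hands "hostname group" to the group helper given on its command line, so the name lands where that helper expects a user name. Forward confirmation and the strict label check are there because the PTR record is controlled by whoever runs the reverse zone and would otherwise decide group membership or reach the LDAP filter unfiltered. Assumptions: the names ip_to_cn and decide are hypothetical, the child helper reads "name group" lines on stdin and answers OK or ERR, the AD computer cn is the short host name, and clients are IPv4.

```python
#!/usr/bin/env python3
"""Squid external ACL helper: map %SRC to a host name, then ask a group helper."""
import re
import socket
import subprocess
import sys

# One DNS label only; rejects anything that could alter an LDAP filter.
SAFE_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def ip_to_cn(ip, reverse=socket.gethostbyaddr, forward=socket.gethostbyname_ex):
    """Return the short host name for ip, or None if it cannot be trusted."""
    try:
        fqdn = reverse(ip)[0]
        # Forward-confirm: the PTR name must resolve back to the same address,
        # otherwise whoever controls the reverse zone picks the group.
        if ip not in forward(fqdn)[2]:  # gethostbyname_ex is IPv4 only
            return None
    except OSError:  # covers socket.herror and socket.gaierror
        return None
    label = fqdn.split(".")[0]  # assumption: AD computer cn is the short name
    return label if SAFE_LABEL.match(label) else None


def decide(line, ask_group, **resolvers):
    """Handle one request line '<src-ip> <group>...' and return OK or ERR."""
    fields = line.split()
    if len(fields) < 2:
        return "ERR"
    cn = ip_to_cn(fields[0], **resolvers)
    if cn is None:
        return "ERR"
    return "OK" if ask_group(cn, fields[1:]) else "ERR"


def main(argv):
    # argv is the existing group helper command line, run unchanged as a child.
    child = subprocess.Popen(argv, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                             text=True, bufsize=1)

    def ask_group(cn, groups):
        child.stdin.write(" ".join([cn] + groups) + "\n")
        child.stdin.flush()
        return child.stdout.readline().startswith("OK")

    for line in sys.stdin:
        print(decide(line, ask_group), flush=True)


if __name__ == "__main__":
    main(sys.argv[1:])
```

Any lookup failure, mismatch or unexpected character yields ERR, so the ACL fails closed.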




