authenticate using ldap to AD for hostnames
- Subject: authenticate using ldap to AD for hostnames
- From: Rolf Loudon <rolf@xxxxxxxxxxxxxx>
- Date: Wed, 19 Dec 2007 13:18:18 +1100
Hi,

I have used for many years auth for squid by looking up user/pass and group membership against Active Directory.

I have found that I can place hostnames into AD groups: the object type of "computers", as AD describes it. Querying the directory with cn=<somehostname> returns the group, as does cn=<somegroupname> return that group's members.

I see that I can define an external ACL type and use %SRC, which is the client IP. As the AD group contains hostnames, I'm trying to see if I can write a simple helper that turns %SRC into a hostname and perhaps in turn then calls squid_ldap_group to test the hostname value for membership of a group, finally returning "OK" or "ERR" as required. The end result is that if a certain hostname is in an AD group then I can make acl decisions based on that.

But I'm not quite understanding enough. In particular, the filter specification to squid_ldap_group seems only to have the variables %u and %g for username and group name, and I don't see how to populate %u in this context.

Is it the case that from

    external_acl_type name %SRC /usr/lib/squid/squid_ldap_group ... -f (&(cn=%u)(memberOf=%g)) ...

%u would equal %SRC?

Any help much appreciated on how to do this, or another method to achieve the same thing.

Thanks,
rolf.
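
Added example, not part of the original message: a sketch of the helper described above, which turns the %SRC address into a hostname and answers OK or ERR, accepting the PTR name only when it resolves back to the same address, since whoever controls the reverse zone chooses that name. The is_member callback, the group name and the DNS tables are constructed assumptions; in production is_member would be an LDAP query or a call out to squid_ldap_group, and the helper is assumed to run without concurrency channel IDs.

```python
import socket
import sys

def confirmed_name(ip, ptr=socket.gethostbyaddr, fwd=socket.getaddrinfo):
    """PTR name for ip, but only if that name resolves back to ip."""
    try:
        name = ptr(ip)[0]
        addrs = {ai[4][0] for ai in fwd(name, None)}
    except OSError:            # herror/gaierror: no PTR or no forward record
        return None
    return name if ip in addrs else None

def decide(line, is_member, resolve=confirmed_name):
    """One request line '<%SRC> <group> [...]' -> 'OK' or 'ERR'."""
    fields = line.split()
    if len(fields) < 2:
        return "ERR"
    fqdn = resolve(fields[0])
    if fqdn is None:
        return "ERR"
    host = fqdn.split(".", 1)[0].lower()   # assumption: cn holds the short name
    return "OK" if any(is_member(host, g) for g in fields[1:]) else "ERR"

def serve(is_member, stdin=sys.stdin, stdout=sys.stdout):
    """Helper loop: one answer per request line, flushed immediately."""
    for line in stdin:
        stdout.write(decide(line, is_member) + "\n")
        stdout.flush()

# Constructed sample data standing in for DNS and the directory.
PTR = {"192.0.2.10": "ws01.example.test", "192.0.2.66": "ws01.example.test"}
A = {"ws01.example.test": ["192.0.2.10"]}
MEMBERS = {("ws01", "InternetHosts")}   # hypothetical group name

def fake_ptr(ip):
    if ip not in PTR:
        raise OSError("no PTR")
    return (PTR[ip], [], [ip])

def fake_fwd(name, port):
    if name not in A:
        raise OSError("no A")
    return [(socket.AF_INET, 0, 0, "", (a, 0)) for a in A[name]]

def demo(line):
    resolve = lambda ip: confirmed_name(ip, fake_ptr, fake_fwd)
    return decide(line, lambda h, g: (h, g) in MEMBERS, resolve)
```

In the constructed data, 192.0.2.66 has a PTR record claiming to be ws01, but the forward lookup does not confirm it, so the helper answers ERR for that address.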