Search squid archive

Re: Antw: RE: Antw: RE: squid-3.3.8-26.el7_2.4.x86_64 using Novell eDirectory with /usr/lib64/squid/digest_edirectory_auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



What have  you tried to test the helpers by themselves?
Let say you run from the command line the command which squid runs and like in the example in the mailing list which I attached,
What happens?

Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer@xxxxxxxxxxxx


-----Original Message-----
From: bjoern wahl [mailto:bjoern.wahl@xxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, December 14, 2016 2:06 PM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx; eliezer@xxxxxxxxxxxx
Subject: Antw: RE: Antw: RE:  squid-3.3.8-26.el7_2.4.x86_64 using Novell eDirectory with /usr/lib64/squid/digest_edirectory_auth

I would like to use a group, but i would be happy if anything with ldap would be working.

Just in case, i did a tcpdump an i can see that the server communicates with the ldap-server, and that the squid gets an answer.



>>> Eliezer Croitoru <eliezer@xxxxxxxxxxxx> 13.12.16 14.37 Uhr >>>
Which of the helpers are you having issues with?
The Group or the user one?
I did some experiment with ldap groups which can be found at:
http://lists.squid-cache.org/pipermail/squid-users/2015-July/004874.html

Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer@xxxxxxxxxxxx


-----Original Message-----
From: bjoern wahl [mailto:bjoern.wahl@xxxxxxxxxxxxxxxxxx]
Sent: Tuesday, December 13, 2016 9:15 AM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx; eliezer@xxxxxxxxxxxx
Subject: Antw: RE:  squid-3.3.8-26.el7_2.4.x86_64 using Novell eDirectory with /usr/lib64/squid/digest_edirectory_auth


Hello!

Thanks for the fast response.

I got the Ldap-Auth working with

SLES11.4 / squid3-3.1.23-8.16.33.2
=========================================================================================================
auth_param basic program /usr/sbin/squid_ldap_auth -d -D "cn=xxx,o=xxxx"
-w xx -b o=x -s sub -f "(&(objectclass=User)(cn=%s))" -h ldaps://xxxx -p
636

external_acl_type ldap_group %LOGIN /usr/sbin/squid_ldap_group -d -D
"cn=xx,o=x" -w ldap -b o=x -s sub -f
"(&(objectclass=User)(cn=%u)(groupMembership=%g))" -h ldaps://x -p 636
=========================================================================================================

but now i would like to do it with

CentOS Linux release 7.2.1511 / squid-3.3.8-26.el7_2.4.x86_64

and it turned out the I have no more "squid_ldap_auth" but i found
"basic_ldap_auth".
So it tried switching "squid_ldap_auth" to "basic_ldap_auth" but that
did not work....

I get the login window, but even if i enter a vaild user, i can not
access a website.

squid.conf looks like this:

=========================================================================================================
auth_param basic program /usr/lib64/squid/basic_ldap_auth -d -D
"cn=xxx,o=xxx" -w xxx -b o=xxx -s sub -f "(&(objectclass=User)(cn=%s))"
-h ldaps://xxxx -p 636

auth_param basic children 5
auth_param basic credentialsttl 2 hours
acl ediruser proxy_auth REQUIRE
http_access allow ediruser
http_access deny all

=========================================================================================================


>>> Eliezer Croitoru <eliezer@xxxxxxxxxxxx> 12.12.16 15.28 Uhr >>>
Hey,

digest_edirectory_auth is not for LDAP but for edirectory but I a not
too familiar with this to tell you how to test.
Basically you need a "basic" ldap authentication helper Which the source
is:
http://bazaar.launchpad.net/~squid/squid/3.5/files/head:/helpers/basic_auth/LDAP/
And we are also missing the squid.conf.
Try find out if there some helper in the /usr/lib64/squid/ directory
which contains ldap.

Let me know if we are on the right direction.

Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer@xxxxxxxxxxxx


-----Original Message-----
From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On
Behalf Of bjoern wahl
Sent: Monday, December 12, 2016 3:53 PM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject:  squid-3.3.8-26.el7_2.4.x86_64 using Novell
eDirectory with /usr/lib64/squid/digest_edirectory_auth

Hello!

I would like to install a squid-3.3.8-26.el7_2.4.x86_64 (CentOS7) using
LDAP auth with digest_edirectory_auth, but i can not get it working.

Does anybody user this ?

I tried:


/usr/lib64/squid/digest_edirectory_auth -A password -l : -e -v 3 -D
"cn=xxxx,o=xxxxx" -b "o=xxxxx" -w xxxx -b o=xxxx -s sub -F
"(&(objectclass=User)(cn=%s))" -Z -h ldaps://xxxxxx -n

but i only get:


user1 pw1
ERR
user2 pw2
ERR
user3 pw3
ERR

Any ideas ?


Thanks, Björn !

Träger: Klinikum Westmünsterland GmbHGeschäftsführer: Christoph Bröcker, Ludger Hellmann (Sprecher)
Aufsichtsratsvorsitzender: Jürgen Büngeler

Diese E-Mail enthält vertrauliche oder rechtlich geschützte
Informationen. Wenn Sie nicht der beabsichtigte Empfänger sind,
informieren Sie bitte sofort den Absender und löschen Sie diese E-Mail.
Das unbefugte Kopieren dieser E-Mail oder die unbefugte Weitergabe der
enthaltenen Informationen ist nicht gestattet.



_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users


Träger: Klinikum Westmünsterland GmbH
Jur. Sitz der Gesellschaft: Am Boltenhof 7, 46325 Borken Registergericht
Coesfeld, HRB Nr. 4184 I Ust.-Id.Nr.: DE123762133
Geschäftsführer: Christoph Bröcker, Ludger Hellmann (SprechDiese E-Mail
enthält vertrauliche oder rechtlich geschützte Informationen. Wenn Sie
nicht der beabsichtigte Empfänger sind, informieren Sie bitte sofort den
Absender und löschen Sie diese E-Mail.
Das unbefugte Kopieren dieser E-Mail oder die unbefugte Weitergabe der
enthaltenen Informationen ist nicht gestattet.






Träger: Klinikum Westmünsterland GmbH
Jur. Sitz der Gesellschaft: Am Boltenhof 7, 46325 Borken
Registergericht Coesfeld, HRB Nr. 4184 I Ust.-Id.Nr.: DE123762133
Geschäftsführer: Christoph Bröcker, Ludger Hellmann (Sprecher)
Aufsichtsratsvorsitzender: Jürgen Büngeler

Diese E-Mail enthält vertrauliche oder rechtlich geschützte
Informationen. Wenn Sie nicht der beabsichtigte Empfänger sind,
informieren Sie bitte sofort den Absender und löschen Sie diese E-Mail.
Das unbefugte Kopieren dieser E-Mail oder die unbefugte Weitergabe der
enthaltenen Informationen ist nicht gestattet.




_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux