Re: [squid-users] squid+ldap authentication

From: Henrik Nordstrom <[email protected]>
Date: Wed, 5 Dec 2001 12:14:38 +0100

There is quite a bit of documentation on the LDAP helper shipped with Squid,
and the FAQ has a fair bit of information on authentication in general.

To the Squid core, LDAP is just a password source, configured like any other
password authorization.

Regards
Henrik

On Wednesday 05 December 2001 11.18, Jack wrote:
> Hello Henrik,
> Thanks
> I was not able to open
> http://orca.cisti.nrc.ca/~gnewton/opensource/squid_ldap_auth/
>
> Do you have any other link that explains squid+ldap?
>
> Thanks
> Jack
>
> ----- Original Message -----
> From: Henrik Nordstrom <hno@marasystems.com>
> To: Jack <sa_jill@yahoo.co.uk>
> Cc: <squid-users@squid-cache.org>
> Sent: Tuesday, December 04, 2001 9:25 PM
> Subject: Re: [squid-users] squid+ldap authentication
>
> > You do not have a flat LDAP namespace for your users. Consequently you need
> > to use the search mode of squid_ldap_auth to locate the user's DN.
> >
> > See the documentation supplied with squid_ldap_auth.
> >
> > Note: Squid ldap_auth from Squid-2.4.STABLE2 or later required. Earlier
> > versions do not have search capabilities or mostly any other capabilities
> > for that matter.
> >
> > Regards
> > Henrik
> >
> > On Tuesday 04 December 2001 16.06, Jack wrote:
> > > Hello Henrik,
> > > I have the same problem in ldap auth
> > >
> > > ldapadd -f /usr/local/var/openldap-ldbm/squid.ldif -xv -D
> > > "cn=admin, dc=ldap, dc=squid, dc=com" -w secret
> > > ldapsearch -x -D "cn=admin,dc=ldap,dc=squid,dc=com" -W -b
> > > 'dc=ldap,dc=squid,dc=com' "objectClass=*" ldap
> > >
> > > # ldap, squid, com
> > > dn: dc=ldap, dc=squid, dc=com
> > >
> > > # admin, ldap, squid, com
> > > dn: cn=admin, dc=ldap, dc=squid, dc=com
> > >
> > > # Development, ldap, squid, com
> > > dn: ou=Development, dc=ldap, dc=squid, dc=com
> > >
> > > # Support, ldap, squid, com
> > > dn: ou=Support, dc=ldap, dc=squid, dc=com
> > >
> > > # jack, Support, ldap, squid, com
> > > dn: cn=jack, ou=Support, dc=ldap, dc=squid, dc=com
> > >
> > > # sathi, Development, ldap, squid, com
> > > dn: cn=sathi, ou=Development, dc=ldap, dc=squid, dc=com
> > >
> > > ldapsearch -x -D
> > > "cn=sathi,ou=Development,dc=ldap,dc=squid,dc=com" -W -b \
> > > 'ou=Development,dc=ldap,dc=squid,dc=com' "objectClass=*" ldap
> > >
> > > Enter LDAP Password:
> > > version: 2
> > >
> > > #
> > > # filter: objectClass=*
> > > # requesting: ldap
> > > #
> > >
> > > # search result
> > > search: 2
> > > result: 0 Success
> > >
> > > squid_ldap_auth -b 'ou=Development,dc=ldap,dc=squid,dc=com'
> > > ldap sathi sathi
> > > ERR
> > >
> > > Where did I make the mistake?
> > > Sorry if it is a basic question.
> > >
> > > Thanks
> > > Jack
> > >
> > > ----- Original Message -----
> > >
> > > > If your LDAP directory is structured using DN:s like
> > > >
> > > > UID=<login>, O=USM
> > > >
> > > > then squid_ldap_auth likes to be called as
> > > >
> > > > squid_ldap_auth -b O=USM your.ldap.server
> > > >
> > > > It will then automatically construct DN:s like the above and try to bind as
> > > > these.
> > > >
> > > >
> > > > To test binding as a user using your favorite LDAP tools use
> > > >
> > > > ldapsearch -x -D "UID=LARRY, O=USM" -W -b O=USM "objectClass=*"
> > > >
> > > > (older versions of OpenLDAP do not require the -x option)
> > > >
> > > > Regards
> > > > Henrik
> > >
Received on Wed Dec 05 2001 - 04:13:58 MST
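
Added example, not part of the thread and not squid_ldap_auth source: a small Python model of the two lookup modes Henrik describes, run over the DNs from Jack's listing. It assumes flat mode builds `uid=<login>,<base>` as in Henrik's `UID=<login>, O=USM` example and that search mode uses a filter template such as `(cn=%s)`; the function names and the RFC 4515 escaping step are illustrative.

```python
# Added model of the two lookup modes; not squid_ldap_auth source code.
# DIRECTORY holds the user DNs from Jack's ldapsearch listing.
DIRECTORY = [
    "cn=admin, dc=ldap, dc=squid, dc=com",
    "cn=jack, ou=Support, dc=ldap, dc=squid, dc=com",
    "cn=sathi, ou=Development, dc=ldap, dc=squid, dc=com",
]

def norm(dn):
    """Canonical form for comparison (these DNs contain no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def flat_bind_dn(login, base, userattr="uid"):
    """Flat mode: the DN is built as <userattr>=<login>,<base>, no lookup."""
    return norm(f"{userattr}={login},{base}")

def flat_mode_ok(login, base, userattr="uid"):
    """A bind can only succeed if the constructed DN is a real entry."""
    return flat_bind_dn(login, base, userattr) in {norm(d) for d in DIRECTORY}

def build_filter(template, login):
    """Substitute the login into the filter, escaped per RFC 4515."""
    esc = "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in login)
    return template.replace("%s", esc)

def search_dn(login, base, attr="cn"):
    """Search mode: subtree search under base for attr=login, literal match."""
    suffix = "," + norm(base)
    want = f"{attr}={login}".lower()
    hits = [d for d in map(norm, DIRECTORY)
            if d.endswith(suffix) and d.split(",")[0] == want]
    return hits[0] if len(hits) == 1 else None  # ambiguous or missing: reject

if __name__ == "__main__":
    dev = "ou=Development,dc=ldap,dc=squid,dc=com"
    root = "dc=ldap,dc=squid,dc=com"
    # Constructed DN does not exist in the listing, so the bind cannot succeed.
    print(flat_bind_dn("sathi", dev), flat_mode_ok("sathi", dev))
    # One search base covers both OUs; "*" is escaped and matches nobody.
    for user in ("sathi", "jack", "*"):
        print(build_filter("(cn=%s)", user), "->", search_dn(user, root))
```

With the base at `dc=ldap,dc=squid,dc=com`, the search resolves users in both `ou=Support` and `ou=Development`, which a single constructed-DN base cannot do.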
