Re: [squid-users] 2 ldap servers with different dn

From: Henrik Nordstrom <[email protected]>
Date: Fri, 16 May 2003 02:11:43 +0200

On Friday 16 May 2003 00.59, jamie wrote:
> Ok this is gonna be my last crazy cry for help! I promise.
>
> I got squid working with ldap and doing logins based off our
> openldap server. Cool.

Good.

> Heres my delemma. We have 2 different directory servers with 2
> different base dn

How is Squid supposed to know which directory to use?

If this can be done by the login name then a simple wrapper around two
instances of squid_ldap_auth can easily be set up. Search for open2
in the squid-users archives.

> I need the one squid server to work with both directories some how.
> I deleted the base dn from the squid config file and set up a
> referal on the openldap server but that totally didn't work.

Did you enable the use of referrrals in the helper? (command line
option.. I do not remember the default).

> I also tried adding both servers like this
>
> auth_param basic program /usr/lib/squid/squid_ldap_auth -u cn -b
> ou=people,dc=newberg,dc=k12,dc=or,dc=us -f (uid=%s) -h
> ldap.newberg.k12.or.us
>
> auth_param basic program /usr/lib/squid/squid_ldap_auth -u cn -b
> o=DIST -f (cn=%s) -h 172.16.16.30

There can only be one "auth_param basic program". If you specify this
more than one then the second most likely overrides the first, or
Squid will complain.

> I was thinking I could maybe set up something with the
> squid_ldap_group module but It looks like that reguires the root dn
> as well

It does. Basically the same problem to solve. How is Squid to know
which directory to use for this request?

Once it is known how to decide which directory to use a solution can
be looked for.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [email protected]
Received on Thu May 15 2003 - 18:11:11 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:16:41 MST