On Thursday 22 May 2003 16.06, Steven Sporen wrote:
> Squid_Auth_Ldap -
> http://forge.novell.com/modules/xfmod/project/?sqauthldap
> Squid_LDAP_Match - http://marasystems.com/download/LDAP_Group/
squid_ldap_match is also known as squid_ldap_group and is shipped with
Squid. It does not do authentication, only authorization.
> Squid_LDAP_Auth - Which ships with Squid under basic/helpers.
Both squid_ldap_auth and squid_ldap_group(match) ships with
documentation and a few examples how to integrate with different LDAP
directories. Both works fine with MSAD.
> All of which seem to do the same basic tasks through OpenLDAP.
> Unfortunately there's not much information regarding the use of
> these helpers to access Active Directory.
The helpers shipped with Squid is neutral on the type of LDAP
directory you have or your LDAP structure.
> ./ldapsearch -x -b "dc=abcd,dc=za" -D
> "cn=ldapuser,cn=users,dc=abcd,dc=za" -h win2kAD -p 389 -W
Good. This is the biggest obstacle to get over.. how to talk to the AD
in the first place. Now read the manual for squid_ldap_auth with the
results of your ldapserach and you should be able to get going quite
quickly I think. Then proceed to squid_ldap_group for group
integration.
note: you really want the squid_ldap_group helper from 2.5.STABLE2 or
later when doing LDAP group integration with Squid. If you are using
2.5.STABLE1 then upgrade.
> I noticed that the query used by the helpers made use of the class
> 'inetOrgPerson'
squid_ldap_auth and squid_ldap_group does not have any default query.
You must tell the helper what query you want to use which both makes
the helper very flexible but also a little harder to configure..
> Anyone got this working off Active Directory?
I have used squid_ldap_auth + squid_ldap_group with MSAD many times,
and this was also tested during development of the helpers. Part of
their current functionality comes from customer requirements to
integrate with MSAD.
Regards
Henrik
-- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [email protected]Received on Thu May 22 2003 - 17:12:08 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:16:53 MST