RE: [squid-users] Multiple Authentication Programs

From: Keppner, Christoph <[email protected]>
Date: Mon, 5 Apr 2004 14:28:15 +0200

Hi,

i found your open2-Script and edited it with my ldap-commands. They work
both fine from commandline, but when i execute the open2-script, i get the
error:

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
ERR

This is my script, don't worry about the username in the -D, Active
Directory Users can be written as username@domainname:

#!/usr/bin/perl
$|=1;
use IPC::Open2;
open2(*read1,*write1,"/usr/local/squid/libexec/squid_ldap_auth -b
dc=testdomain1,dc=de -R -D squid@testdomain1.de -w squid -f
sAMAccountName=%s XX.XX.XX.XX");
open2(*read2,*write2,"/usr/local/squid/libexec/squid_ldap_auth -b
dc=testdomain2,dc=de -R -D squid@testdomain2.de -w squid -f
sAMAccountName=%s YY.YY.YY.YY");
while(<>) {
        print write1 $_;
        $ans = <read1>;
        if( $ans =~ /^OK/) {
                print $ans;
                next;
        }
        print write2 $_;
        $ans = <read2>;
        if( $ans =~ /^OK/) {
                print $ans;
                next;
        }
        print $ans;
}

Regards
Christoph

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: Thursday, April 01, 2004 12:36 PM
To: Keppner, Christoph
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Multiple Authentication Programs

On Wed, 31 Mar 2004, Keppner, Christoph wrote:

> My Squid runs on a firewall with 3 interfaces, 1st interface is the
> connection to my provider, 2nd interface is connected to "localnet". Now i
> want to add a new ip-network on the 3rd interface. Within this network, a
> new Windows 2000 Domain (Domain B) should be set up. Domain A is
independant
> from the domain in network B (no connection). Users from domain B should
> have to use my proxy too, again with ldap-authentication and
group-checking.
> Is this possible? How?

A little tricky, but maybe the approach taken by the "open2" script can
work for you?

http://www.squid-cache.org/mail-archive/squid-users/200004/0788.html

a search for open2 in the archives will give more information.

Regards
Henrik
Received on Mon Apr 05 2004 - 06:28:28 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Apr 30 2004 - 12:00:01 MDT