Re: [squid-users] Configuring authentication with ldap_auth and two domains?

From: D & E Radel <[email protected]>
Date: Sun, 10 Apr 2005 10:18:01 +1200

Matthias Dettling" wrote:
> grolschie wrote:
> > Repost, as the first never came through at my
end.
> > Sorry if it's a dupe.
> >
> > ---
> > Hi y'all.
> >
> > I have searched through the docs, and cannot
find
> > alot on ldap_auth. I use Squid + LDAP instead
of
> > SMB to authenticate against our 2003 Server.
The
> > problem is that we have two domains that I
wish to
> > authenticate against. Is it possible to do
this
> > with Squid and LDAP?
> >
> > Here is my current method:
> >
> > ##################
> > auth_param basic program
> > /usr/lib/squid/ldap_auth -R -b
> > "dc=my,dc=domain,dc=org" -D
> >
"cn=Administrator,cn=Users,dc=my,dc=domain,dc=org"
> > -w "mypassword" -f sAMAccountName=%s -h
> > 192.168.1.1
> >
> > auth_param basic children 5
> > auth_param basic realm Our Proxy
> > auth_param basic credentialsttl 5 hours
> >
> > acl localnet proxy_auth REQUIRED src
> > 192.168.1.0/24 192.168.100.0/24
> >
> > http_access allow localnet
> > http_access allow localhost
> > http_access deny all
> > ###################
> >
> > Is it possible to add another sub-domain into
this
> > equation to authenticate against? Our two
domains
> > are on the two networks listed above in
localnet
> > ACL, although our sub-domains DC has an IP
address
> > on both networks. I am not sure how to specify
two
> > domains and two domain controller IP's in the
> > above.
> >
> > Sorry if this is a n00b question. I am kinda
stuck
> > and you seem to know alot about this field.
And
> > tips, greatly received. Thanks in advance.
> >
> > regards,
> > grolschie
> >
> >
> >
> Hello grolschie,
>
> there are sure better solutions, but my one
works too.
> Instead of writing
> "auth_param basic program
/usr/lib/squid/ldap_auth ..."
> you can use a shell script like that
> auth_param basic program /shell/script.
>
> The only thing your script should do is write
out "OK" or "ERR" to
> stdout dependant on the result of your
evaluation with
> /usr/lib/squid/ldap_auth.
> Tutorials on writing shell scripts can be found
much on the net.
>
> I hope this helps.
>
> Regards
> Matthias

Thanks for that I will have a google for shell
script writing tutorials. How are variables like
%s etc passed through/from to the shell script
though? Or does that not need to happen?

regards,
D.Radel (aka grolschie)

P.S. I am told that my post was received by the
group 4 times. Sorry about that. Must've been a
gmail glitch is only the last email arrived in my
inbox via the list - using my ISPs account.
Received on Sat Apr 09 2005 - 16:18:12 MDT

This archive was generated by hypermail pre-2.1.9 : Sun May 01 2005 - 12:00:03 MDT