Re: squid_ldap_group patch

From: Adrian Chadd <adrian@dont-contact.us>
Date: Fri, 11 Jan 2008 08:39:15 +0900

G'day,

The best thing to do is file a bugzilla feature request and throw
your patch into that.

Someone can then integrate it into Squid when we've got time.

Thanks!

Adrian

On Thu, Jan 10, 2008, Klaubert Herr da Silveira wrote:
> Hi,
>
> I started to use LDAP authorization on Squid, integrated with
> Active Directory, for users authenticated by the Negotiate method (using
> Kerberos), and since the username has a @REALM appended to it, I
> need to remove this, so I (with the help of a colleague who knows C
> much better than I) created a patch to strip the Kerberos realm from the user
> name in squid_ldap_group.
>
> The patch is attached, and works for both version 3.0 Stable1 and 2.6 Stable17.
>
> My notes on using Kerberos for authentication on AD and authorization
> with LDAP are at http://klaubert.wordpress.com/
>
> Best regards,
>
> Klaubert Herr

> --- squid_ldap_group.8.original 2008-01-10 11:08:21.000000000 -0200
> +++ squid_ldap_group.8 2008-01-07 11:36:45.000000000 -0200
> @@ -152,6 +152,10 @@
> Strip NT domain name component from user names (/ or \\ separated)
> .
> .TP
> +.BI -K
> +Strip Kerberos Realm component from user names (@ separated)
> +.
> +.TP
> .BI -d
> Debug mode where each step taken will get reported in detail.
> Useful for understanding what goes wrong if the results is
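
Review bot: The new -K entry should say that everything from the first '@' onward is dropped before the group lookup (the C change uses strchr), so user@REALM1 and user@REALM2 are both looked up as plain "user". Where more than one realm can authenticate, group membership of one realm's account would then apply to a same-named account from another realm, so the text should state that -K is only appropriate when a single realm is accepted. A short remark on how -K combines with -S would also help.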

> --- squid_ldap_group.c.original 2008-01-10 11:08:12.000000000 -0200
> +++ squid_ldap_group.c 2008-01-04 19:35:09.000000000 -0200
> @@ -215,6 +215,7 @@
> int port = LDAP_PORT;
> int use_extension_dn = 0;
> int strip_nt_domain = 0;
> + int strip_kerberos_realm = 0;
> int err = 0;
>
> setbuf(stdout, NULL);
> @@ -370,6 +371,9 @@
> case 'S':
> strip_nt_domain = 1;
> break;
> + case 'K':
> + strip_kerberos_realm = 1;
> + break;
> default:
> fprintf(stderr, PROGRAM_NAME " ERROR: Unknown command line option '%c'\n", option);
> exit(1);
> @@ -424,6 +428,7 @@
> #endif
> fprintf(stderr, "\t-g\t\t\tfirst query parameter is base DN extension\n\t\t\t\tfor this query\n");
> fprintf(stderr, "\t-S\t\t\tStrip NT domain from usernames\n");
> + fprintf(stderr, "\t-K\t\t\tStrip Kerberos realm from usernames\n");
> fprintf(stderr, "\n");
> fprintf(stderr, "\tIf you need to bind as a user to perform searches then use the\n\t-D binddn -w bindpasswd or -D binddn -W secretfile options\n\n");
> exit(1);
> @@ -470,6 +475,12 @@
> if (u && u[1])
> user = u + 1;
> }
> + if (strip_kerberos_realm) {
> + char *u = strchr(user, '@');
> + if (u!=NULL) {
> + *u = '\0';
> + }
> + }
> if (use_extension_dn) {
> extension_dn = strtok(NULL, " \n");
> if (!extension_dn) {
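
Review bot: In the new strip_kerberos_realm block there is no check that anything precedes the '@', so a name such as "@REALM" is truncated to an empty string and used as the user name for the rest of the lookup; the -S code directly above guards against the equivalent case with `if (u && u[1])`. Suggest `if (u != NULL && u != user)` and either leaving the name untouched or rejecting the request when the local part would be empty. Style: write `u != NULL` with spaces (or just `if (u)`) to match the surrounding code.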

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
Received on Thu Jan 10 2008 - 16:30:01 MST
