Re: [squid-users] ldap

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 19 Dec 2002 19:10:15 +0100

On Thursday 19 December 2002 15.55, Dan Cave wrote:

> I believe that you need to compile basic ldap support into squid
> using the following
>
> compile --enable-ldap --enable-ldap-authentication {config to that
> sort of thing.. my net access is down atm, so you'll need to check
> the faq/howto }

No, the LDAP auth helper is a basic scheme helper, and the LDAP group
helper is an external_acl helper.

Squid configure directives:

--enable-auth=basic (the default unless you specify something else)

--enable-basic-auth-helpers="LDAP"

--enable-external-acl-helpers="ldap_group"

squid.conf directives

auth_param basic program /usr/local/squid/libexec/squid_ldap_auth ....
auth_param basic ... [as in the default squid.conf, modify to suit
your needs]

external_acl_type LDAP_group %LOGIN /usr/local/squid/libexec/squid_ldap_group ....

acl ldap_group_1 external LDAP_group a_ldap_group_name

Note: as with most acl types in Squid you can list multiple group
names in an "external LDAP_group acl"

> ldapsearch -h ldapserver "userx"
> {{{ returns ldap user information }}}
>
> Then again, knowing MS Active directory, it might barf up.. I know
> a few ppl who've had auth problems with active directory...

My tests with MSAD have been quite reliable using LDAP.

However, you might need to specify a valid account to be allowed to
perform searches. See the LDAP helpers documentation.

Regards
Henrik
Received on Thu Dec 19 2002 - 11:09:50 MST
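
Added example, not part of the original message and not Squid's own code: a sketch of the line-based exchange between Squid and an external_acl helper declared with %LOGIN, showing how several group names on one acl line reach the helper and that a malformed request is denied. The in-memory SAMPLE_GROUPS table, the function names and the URL-escaped token encoding are assumptions (the quoting differs between Squid releases); a real helper such as squid_ldap_group queries the directory instead.

```python
"""Sketch of the external_acl helper exchange (constructed example)."""
from urllib.parse import unquote

# Constructed stand-in for the directory: group name -> set of member logins.
# A real helper such as squid_ldap_group would run an LDAP search here instead.
SAMPLE_GROUPS = {
    "a_ldap_group_name": {"userx"},
    "another_group": {"usery"},
}


def check_line(line, groups=SAMPLE_GROUPS):
    """Answer one request line: '<login> <group> [<group> ...]' -> 'OK' or 'ERR'.

    Squid sends the %LOGIN value followed by every name listed on the acl
    line. Tokens are assumed to be URL-escaped. Any malformed request is
    denied (fail closed).
    """
    tokens = [unquote(t) for t in line.split()]
    if len(tokens) < 2:
        return "ERR"          # no login or no group to test
    user, wanted = tokens[0], tokens[1:]
    # Membership in any one of the listed groups is enough for a match.
    if any(user in groups.get(g, ()) for g in wanted):
        return "OK"
    return "ERR"


def serve(stdin, stdout, groups=SAMPLE_GROUPS):
    """Helper main loop: one reply line per request line, flushed at once."""
    for line in stdin:
        stdout.write(check_line(line, groups) + "\n")
        stdout.flush()        # Squid waits for each reply before continuing


if __name__ == "__main__":
    import sys
    serve(sys.stdin, sys.stdout)
```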
