Re: [squid-users] Ldap Auth Suggestions

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 14 May 2003 01:23:14 +0200

On Tuesday 13 May 2003 20.17, jamie wrote:
> Hey gang, I am looking for some ldap auth suggestions. First I am a
> bit confused as to what piece of add on software to use for auth.
> I have seen about 3 or 4 different ldap modules. squid_ldap_auth,
> squid_auth_ldap etc etc.

There are only three I know of...

  1. the squid_ldap_auth helper shipped with Squid

  2. the separate squid_auth_ldap helper now shipped with Squid

  3. another ldap authentication helper+patch for Squid-2.4 which adds
a kind of group authorization concept to Squid-2.4.

Then there is the related but quite different squid_ldap_group helper
which is used to check if a user belongs to a certain LDAP group,
usually in combination with squid_ldap_auth for LDAP authentication.

> It looks as if squid_ldap_auth comes with squid but it seems as if
> I need to compile squid with this software in order for it to work.
> Is there any way I can just plug it in to work with say an RPM
> based installation?

  tar zxvf squid-XXX.tar.gz
  cd squid-XXX
  ./configure --enable-basic-auth=LDAP
  make -C lib
  cd helpers/basic_auth/LDAP
  make
  cp squid_ldap_auth /usr/libexec/squid/

Note: You should use the version of the helper shipped with the major
Squid version you are using. If you are using Squid-2.4 then use the
helper from the latest version of Squid-2.4, if you are using
Squid-2.5 (which you should) then use the helper from the latest
version of Squid-2.5.

> Secondly, we are a k12 school dist, and I am thinking that our best
> bet for managing what users can auth and not is by group. If a user
> is a member of net-access group then they can use the net. If not
> they will have no access.

Yes. This is best done via the squid_ldap_group helper in squid-2.5.
See the documentation for squid_ldap_group (shipped with Squid).

> Third, I haven't seen any how to's out there. Can anyone point me
> into the right direction?

Start by reading the manuals for the LDAP helpers for Squid. These
manuals are shipped as man pages with the helpers in the Squid source
distribution.

It is also recommended to get familiar with the layout of your LDAP
directory. The manuals for the helpers shipped with Squid pretty much
assume you already know your LDAP structure.

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Tue May 13 2003 - 17:23:09 MDT
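
Added example, not part of the original message: a squid.conf sketch of the setup discussed above, with squid_ldap_auth for authentication and squid_ldap_group restricting access to members of the net-access group. The LDAP server name, base DNs, realm text, and the uid/groupOfNames/member schema are assumptions to replace with your own directory layout; check each helper option against the man pages shipped with your Squid version.

```conf
# Constructed example: ldap.example.org, the dc=example,dc=org base DNs and
# the uid / groupOfNames / member schema are placeholders, not values from
# the thread. Helper paths follow the "cp" target used in the build steps.

# Authentication: squid_ldap_auth verifies the login and password against
# the directory. %s in the filter is replaced by the login name.
auth_param basic program /usr/libexec/squid/squid_ldap_auth -b "ou=people,dc=example,dc=org" -f "(uid=%s)" ldap.example.org
auth_param basic children 5
auth_param basic realm Internet access

# Authorization: squid_ldap_group answers "is this user in this group?".
#   -B / -F  locate the user's DN from the login name (%s)
#   -b / -f  search the groups; %v is the user (the DN, since -F is given)
#            and %a is the group name taken from the acl line
external_acl_type ldap_group %LOGIN /usr/libexec/squid/squid_ldap_group -b "ou=groups,dc=example,dc=org" -B "ou=people,dc=example,dc=org" -F "(uid=%s)" -f "(&(objectClass=groupOfNames)(cn=%a)(member=%v))" ldap.example.org

# The word after the helper name is the LDAP group to test.
acl net_access external ldap_group net-access

# Members of net-access may use the proxy; everyone else is refused.
http_access allow net_access
http_access deny all
```

Both helpers can be run by hand before wiring them into Squid: squid_ldap_auth reads "login password" lines and squid_ldap_group reads "login group" lines on standard input, each answering OK or ERR.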