[squid-users] Authenticate through LDAP against Active Directory. Windows 2000.

From: Steven Sporen <steven.sporen@dont-contact.us>
Date: Thu, 22 May 2003 16:06:49 +0200

Hi,

I've searched through the Squid archives looking for some documentation
pertaining to LDAP authentication against Microsoft Windows 2000's Active
Directory.

In the process I've found a number of flavours of the same application:

Squid_Auth_Ldap - http://forge.novell.com/modules/xfmod/project/?sqauthldap
Squid_LDAP_Match - http://marasystems.com/download/LDAP_Group/
Squid_LDAP_Auth - which ships with Squid under basic/helpers.

All of which seem to do the same basic tasks through OpenLDAP.
Unfortunately there's not much information regarding the use of these
helpers to access Active Directory.

I've gone through the motions of trying each of the above applications
in our lab environment, without any luck unfortunately. I have tested my
OpenLDAP installation and can query the Active Directory through
ldapsearch, e.g.:

./ldapsearch -x -b "dc=abcd,dc=za" -D "cn=ldapuser,cn=users,dc=abcd,dc=za" -h win2kAD -p 389 -W

This returns all the objects out of Active Directory without any
problems.

I noticed that the query used by the helpers made use of the class
'inetOrgPerson', which is not implemented on Windows 2000 Active
Directory (it will be, however, on Windows 2003) - see
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnactdir/html/inetopkit.asp

I modified the code to query as follows:
  (&(objectCategory=user)(SAMAccountName=%username%))
  
Still no luck.

I then thought the problem may be related to permissions on my AD
regarding anonymous queries, even though I connect using a
username/password. Changing the permissions to allow anonymous queries
made no difference (FYI - http://www.jsifaq.com/SUBL/tip5900/rh5939.htm).

So now I'm resorting to calling for help, before I'm forced to load the
NT version of Squid :S

Anyone got this working off Active Directory?

Regards,
Steven Sporen
Security Administrator
Exordia
Received on Thu May 22 2003 - 08:07:25 MDT
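An added example, not part of Steven's post or of any of the helpers he names: the modified filter he describes, `(&(objectCategory=user)(SAMAccountName=%username%))`, substitutes the username typed at the proxy's authentication prompt straight into the LDAP search filter. Whatever helper is used, that value should be escaped per RFC 4515 before substitution, otherwise characters such as `*`, `(` or `)` in the supplied name change the meaning of the filter sent to Active Directory. The functions below (names are my own) build the same filter with the username escaped, and count the equality assertions in a filter so the escaped and unescaped forms can be compared.

```python
# Added example (not from the original post or from squid_ldap_auth).
# Builds the Active Directory user-lookup filter described in the post,
# escaping the username per RFC 4515 so a value taken from the proxy's
# authentication prompt cannot alter the structure of the filter.

# RFC 4515 escapes for the characters that are special inside a filter value.
_FILTER_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for safe use as an LDAP filter assertion value."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(username: str, attr: str = "sAMAccountName") -> str:
    """Same shape as the filter in the post, with the username escaped.

    'attr' defaults to sAMAccountName; attribute names are case-insensitive
    in LDAP, so this matches the post's SAMAccountName.
    """
    return f"(&(objectCategory=user)({attr}={escape_filter_value(username)}))"


def build_user_filter_unescaped(username: str, attr: str = "sAMAccountName") -> str:
    """The plain %username% substitution, shown only for comparison."""
    return f"(&(objectCategory=user)({attr}={username}))"


def count_assertions(flt: str) -> int:
    """Count attribute=value assertions in a filter.

    Walks the string, skipping RFC 4515 escape sequences (\\XX) so that
    escaped parentheses are not mistaken for filter structure.
    """
    count = 0
    i = 0
    while i < len(flt):
        ch = flt[i]
        if ch == "\\":
            i += 3  # skip the two hex digits of the escape sequence
            continue
        if ch == "(":
            # An assertion is an opening paren not followed by an operator.
            if i + 1 < len(flt) and flt[i + 1] not in "&|!":
                count += 1
        i += 1
    return count


if __name__ == "__main__":
    # Constructed sample usernames, not taken from any real directory.
    for name in ("jsmith", "j*", "a(b)c"):
        print(name, "->", build_user_filter(name))
```

With a normal username both forms produce the same single-assertion filter; with a name containing `*` the escaped form still asserts an exact sAMAccountName, whereas the unescaped form becomes a wildcard match, which is the case a helper author wants to rule out before the bind-then-search step.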
