Re: [squid-users] Authenticate through LDAP against Active Directory. Windows 2000.

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 23 May 2003 01:12:22 +0200

On Thursday 22 May 2003 16.06, Steven Sporen wrote:

> Squid_Auth_Ldap -
> http://forge.novell.com/modules/xfmod/project/?sqauthldap

> Squid_LDAP_Match - http://marasystems.com/download/LDAP_Group/

squid_ldap_match is also known as squid_ldap_group and is shipped with
Squid. It does not do authentication, only authorization.

> Squid_LDAP_Auth - Which ships with Squid under basic/helpers.

Both squid_ldap_auth and squid_ldap_group(match) ship with
documentation and a few examples of how to integrate with different
LDAP directories. Both work fine with MSAD.

> All of which seem to do the same basic tasks through OpenLDAP.
> Unfortunately there's not much information regarding the use of
> these helpers to access Active Directory.

The helpers shipped with Squid are neutral on the type of LDAP
directory you have or your LDAP structure.

> ./ldapsearch -x -b "dc=abcd,dc=za" -D
> "cn=ldapuser,cn=users,dc=abcd,dc=za" -h win2kAD -p 389 -W

Good. This is the biggest obstacle to get over: how to talk to the AD
in the first place. Now read the manual for squid_ldap_auth with the
results of your ldapsearch and you should be able to get going quite
quickly, I think. Then proceed to squid_ldap_group for group
integration.

Note: you really want the squid_ldap_group helper from 2.5.STABLE2 or
later when doing LDAP group integration with Squid. If you are using
2.5.STABLE1 then upgrade.

> I noticed that the query used by the helpers made use of the class
> 'inetOrgPerson'

squid_ldap_auth and squid_ldap_group do not have any default query.
You must tell the helper what query you want to use, which makes
the helper very flexible but also a little harder to configure.

> Anyone got this working off Active Directory?

I have used squid_ldap_auth + squid_ldap_group with MSAD many times,
and this was also tested during development of the helpers. Part of
their current functionality comes from customer requirements to
integrate with MSAD.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Thu May 22 2003 - 17:12:08 MDT
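
An added example, not part of the original message or of the Squid documentation: a squid.conf fragment that supplies the search filters the reply says must be configured, reusing the base DN, bind DN and server name from the quoted ldapsearch command. The helper paths, the `InternetUsers` group, its location under `cn=users`, and the placeholder password are assumptions; `sAMAccountName` and `memberOf` are the Active Directory attributes for the logon name and group membership.

```conf
# Constructed example: helper paths, group name and password are placeholders.
# Values contain no spaces, so none of the helper arguments are quoted.

# Authentication (squid_ldap_auth): the helper binds as the service account
# given by -D/-w, searches below -b with the -f filter (%s = login name),
# then verifies the password by binding as the entry it found.
# -R turns off referral following.
# Notes for hardening:
#  - the -w value is visible in the process list; use a bind account that
#    has read-only access to the directory and nothing else
#  - a simple bind on port 389 is not encrypted; -Z requests TLS where the
#    helper build and the directory support it
auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b dc=abcd,dc=za -D cn=ldapuser,cn=users,dc=abcd,dc=za -w BIND_PASSWORD_PLACEHOLDER -f sAMAccountName=%s -h win2kAD
auth_param basic children 5
auth_param basic realm Squid proxy
auth_param basic credentialsttl 2 hours

# Authorization (squid_ldap_group, 2.5.STABLE2 or later): in the -f filter
# %v is replaced by the user name and %a by the group name taken from the acl.
external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -R -b dc=abcd,dc=za -D cn=ldapuser,cn=users,dc=abcd,dc=za -w BIND_PASSWORD_PLACEHOLDER -f (&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=users,dc=abcd,dc=za)) -h win2kAD

# Require a valid login, then allow only members of the (hypothetical) group.
acl ldap_users proxy_auth REQUIRED
acl internet_group external ldap_group InternetUsers

http_access deny !ldap_users
http_access allow internet_group
http_access deny all
```

Both filters can be checked with ldapsearch against the directory before they are put into squid.conf, substituting a real login and group name for `%s`, `%v` and `%a`.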
