Re: [squid-users] LDAP Auth and Squid Accelerator Mode from Henrik Nordstrom on 2003-08-09 (squid-users)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 9 Aug 2003 18:08:59 +0200

On Friday 08 August 2003 15.48, mmckenzie@unmc.edu wrote:
> Hello all,
>
> In previous attempts at trying to get squid to work in accelerator
> mode with authentication I was unsuccessful.
>
> I found a patch that is suppose to do it here:
> www.poulpy.com/proj.php?PROJID=2

The only line which is correct in that patch is the change to enable
AUTH_ON_ACCELERATION, but done at the wrong place.

The correct way to enable AUTH_ON_ACCELERATION is to add it to CFLAGS
in src/Makefile after running configure.

The rest of the patch is not good, not needed or specific to his
machine.

The reason why AUTH_ON_ACCELERATION is a little hidden like this is
because it collides with people using Squid in interception
proxy/cache mode, transparently intercepting port 80.

In Squid-3.0 this is cleaned up and there is no hidden defines needed
to enable authentication in accelerator mode.

> The ldap auth module that comes with 2.5 STABLE 1, I was uable to
> get it to work.

Why?

> I did get the ldap module I downloaded from here to work:
> freshmeat.net/projects/squid_auth_ldap/?topic_id=90

Then you should be able to get the standard LDAP helper working as
well.

squid_auth_ldap uses a search filter similar to
"(&(uid=%s)(objectClass=Person))" I think. See the squid_ldap_auth
man page for other examples of filters. Some knowledge of the
structure of your LDAP directory helps a lot and ldapsearch is a good
tool to gain such understanding if you do not know the LDAP directory
structure already.

But as long as you have a helper working things are fine on that part
however. But it should be noted that the squid_auth_ldap helper does
not fully support Squid-2.5 last time I looked and you may get
trouble from this helper if your users have strange characers in
their login or password.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com

Received on Sat Aug 09 2003 - 10:10:10 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:48 MST