Re: [squid-users] squid_ldap_auth for two ldap servers

From: <ashish.uchil@dont-contact.us>
Date: Thu, 27 May 2004 18:52:25 +0530





Use the following script.
What it will do is: it will first go to the first LDAP server and verify
the username/password.
If that LDAP server does not have this user, then it will go to the next one.
I use it and it is working fantastic.

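#!/usr/bin/perl
# Wrapper for Squid basic authentication: ask LDAP server 1 first, then LDAP server 2.
use IPC::Open2;
$| = 1;    # unbuffered STDOUT so Squid gets each reply immediately

# Start one persistent squid_ldap_auth helper per LDAP server.
open2(*read1, *write1, "/usr/lib/squid/squid_ldap_auth ...full command with parameters for LDAP server 1");
open2(*read3, *write3, "/usr/lib/squid/squid_ldap_auth full command with parameters for LDAP server 2");

# Squid sends one "username password" line per request on STDIN.
while (<>) {
    # Try the first LDAP server.
    print write1 $_;
    $ans = <read1>;
    if ($ans =~ /^OK/) {
        print $ans;
        next;
    }
    # Not accepted by the first server: try the second one.
    print write3 $_;
    $ans = <read3>;
    if ($ans =~ /^OK/) {
        print $ans;
        next;
    }
    # Neither server accepted: pass on the second server's answer.
    print $ans;
}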


                                                                           
From: usmc@nexgo.de
Date: 05/27/04 06:33 PM
To: squid-users@squid-cache.org
Subject: [squid-users] squid_ldap_auth for two ldap servers




Hello,

I'm working with squid 2.5 stable 5 and a LDAP authentication which works
great.

My problem is that squid_ldap_auth should work with 2 different LDAP
servers. I know it's not possible yet without changing the source code.
And there I do have some trouble.

There are two different LDAP Servers.
Persons with an uid which contains a number in it [0-9] should authenticate
on Server A.
Persons without a number in the uid should authenticate on Server B.

So I thought I would just check the uid for numbers in it (right after the user
and passwd are collected by squid_ldap_auth) and change the server if
necessary.

I do open squid_ldap_auth with -b "basedn of Server A" -f ... ... Server A

My program looks like this (I haven't changed anything else), but it doesn't
work. Since I am not really into C programming, I hope to get some answers
here.

   while (fgets(buf, 256, stdin) != NULL) {
        user = strtok(buf, " \r\n");
        passwd = strtok(NULL, "\r\n");

        if (!user || !passwd || !passwd[0]) {
            printf("ERR\n");
            continue;
        }

/* the part above (unchanged) collects the "user" and "passwd", right? */
/* my additional source code starts here */

        char numbers[] = "0123456789"; /* just a definition of
the numbers I'm looking for */
        char *helpvar;
        helpvar=NULL;
        helpvar=strpbrk(user, numbers);

/* search for numbers - if "user" contains numbers -> helpvar=address of the
first number - if not, helpvar stays NULL */

        for (;helpvar==NULL;) {
            basedn="basedn of Server B";
            ldapServer="Server B";
            break;
        }
/* since I already defined basedn A and Server A with the opening of
squid_ldap_auth I don't need to change anything if helpvar!=NULL */
/* from now on again unchanged source code */

        rfc1738_unescape(user);
        rfc1738_unescape(passwd);
        ...

I know I shouldn't fix Server B in the source code, but at first it
should work; later I can try to implement a second basedn and server at the
start of the program (perhaps with -x basedn2 / -y server2).

I hope you can help me, otherwise we have to run 2 squid servers
simultaneously (which isn't wanted). A change to only one LDAP server (with
every user on it) is out of the question.

Thank you
~ Dominique







Received on Thu May 27 2004 - 07:22:23 MDT
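
The uid-based routing asked about in the original message, as an added C example (not code from the thread or from Squid): it decodes the escaped user field before looking for digits, so an escape such as %20 is not mistaken for a digit in the uid, and it makes the choice afresh for every request line. The host names are constructed placeholders, and unescape() is a simplified stand-in for Squid's rfc1738_unescape().

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed placeholders: the thread gives no real host names or base DNs. */
struct backend { const char *server; const char *basedn; };
static const struct backend SERVER_A = { "ldap-a.example", "basedn of Server A" };
static const struct backend SERVER_B = { "ldap-b.example", "basedn of Server B" };

/* Simplified stand-in for Squid's rfc1738_unescape(): decode %XX in place. */
static void unescape(char *s)
{
    char *out = s;
    for (; *s; s++) {
        if (s[0] == '%' && isxdigit((unsigned char)s[1]) && isxdigit((unsigned char)s[2])) {
            char hex[3] = { s[1], s[2], '\0' };
            *out++ = (char)strtol(hex, NULL, 16);
            s += 2;                      /* skip the two hex digits just consumed */
        } else {
            *out++ = *s;
        }
    }
    *out = '\0';
}

/* Choose the LDAP server for one request. The user field is still escaped on
 * entry. The result depends only on this uid, so a Server B user never
 * changes where the next user is sent. */
static const struct backend *select_backend(const char *escaped_user)
{
    char uid[256];
    snprintf(uid, sizeof uid, "%s", escaped_user);   /* work on a copy */
    unescape(uid);                                   /* decode before testing for digits */
    return strpbrk(uid, "0123456789") ? &SERVER_A : &SERVER_B;
}

int main(void)
{
    char buf[256];
    while (fgets(buf, sizeof buf, stdin) != NULL) {  /* "user password" per line */
        char *user = strtok(buf, " \r\n");
        if (user) {
            const struct backend *b = select_backend(user);
            printf("%s -> %s (%s)\n", user, b->server, b->basedn);
        }
    }
    return 0;
}
```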
