Re: [squid-users] Squid 2.5 w/ LDAP

From: <Ian.Large@dont-contact.us>
Date: Fri, 18 Mar 2005 14:00:37 +0000

Hi Jayesh

> I found 2 binaries ....
> - /usr/local/squid/bin/squid_auth_ldap and
> - /usr/lib/squid/squid_ldap_auth

Sounds like you have two seperate installs of squid. If you've compiled a
current one yourself I would guess that the top one of those is the one
you want. Our Red Hat boxes using the RH rpm build puts the files in
/usr/lib/squid. You might want to be sure that you aren't running
different bits of two different squid installs.

> Any idea, which one I should use and what's
> the correct syntex?

I would imagine that there are numerous different syntaxes that will work.
The one I am using here is:

auth_param basic program /usr/lib/squid/squid_ldap_auth \
        -b "dc=salvesen,dc=com" \
        -D "cn=Ldap User,ou=users,dc=salvesen,dc=com" \
        -w password \
        -f
"(&(CN=%s)(memberOf=CN=InternetUsers,DC=cs-plc,DC=salvesen,DC=com))" \
        -h 10.x.x.x

The filter we use as you can probably work out also only authenticates
users that are a member of a specific group - InternetUsers. The user and
password defined in -D and -w is just because we use AD and it disallows
anonymous access to the directory.

HTH!

-- 
Ian Large <ian.large@salvesen.com>
IT Department, Christian Salvesen, Lodge Way,
New Duston, Northampton NN5 7SL, United Kingdom
Tel: +44 1604 737100 x760 Fax: +44 1604 737111

--------------------------------------------------------------------------------

For information on Christian Salvesen visit our website at www.salvesen.com.

The information contained in this e-mail is strictly confidential and for the use of the addressee only; it may also be legally privileged and / or price sensitive.  Notice is hereby given that any disclosure, use or copying of the information by anyone other than the intended recipient is prohibited and may be illegal.  If you have received this message in error, please notify the sender immediately by return e-mail.

Christian Salvesen has taken every reasonable precaution to ensure that any attachment to this e-mail has been swept for viruses.  However, we cannot accept liability for any damage sustained as a result of software viruses and would advise that you carry out your own virus checks before opening any attachment.

Christian Salvesen is a trading name of the Christian Salvesen Group.  Christian Salvesen PLC (Company number SC7173) is the ultimate holding company within the Christian Salvesen Group whose registered office is at 16 Charlotte Square, Edinburgh EH2 4DF.
Received on Fri Mar 18 2005 - 07:00:43 MST

This archive was generated by hypermail pre-2.1.9 : Fri Apr 01 2005 - 12:00:02 MST