Re: [squid-users] Regarding Squid+Ldap

From: D & E Radel <radel@dont-contact.us>
Date: Thu, 26 May 2005 09:30:37 +1200

Hi.

Sorry, but I am not familiar with OpenLDAP. I have only gotten this to work
with Server 2003 Active Directory.
Maybe someone else reading this can help. I am not sure what you will need
for the "-f" parameter. Try this for some examples though:
    http://www.die.net/doc/linux/man/man8/squid_ldap_auth.8.html

I have read of people doing it this way:
    authenticate_program /usr/local/squid/bin/ldap_auth
    authenticate_options ldap.yourdomain.com 389 dc=yourdomain,dc=com uid
    authenticate_children 2

The command line is the easiest way to debug this. To save re-typing complex
stuff on the command line, put it in a script such as this:

    while read -r INP; do

        # Pass the "username password" line to ldap_auth; its reply is stored in TEMP1
        TEMP1=$(echo "$INP" | /usr/lib/squid/ldap_auth -R \
                 -b "dc=mydomain,dc=com" \
                 -D "cn=Administrator,cn=Users,dc=mydomain,dc=com" \
                 -w "mypassword" \
                 -f "sAMAccountName=%s" -h 192.168.1.1)

        # If username and password are correct, output "OK"
        if [ "$TEMP1" = "OK" ]; then
            echo "OK"
        else
            echo "ERR"
        fi
    done

Then go: echo "username password" | ./scriptname.sh

Modify the script and re-run until you get it working. Saves a lot of typing
errors on the command line. Probably not the most elegant way of writing the
script, but it works for me. :-)

regards
Dietrich

----- Original Message -----
From: "selvam E" <selvame@questresearch.com>
To: <squid-users@squid-cache.org>
Cc: "D & E Radel" <radel@inet.net.nz>
Sent: Wednesday, May 25, 2005 11:13 PM
Subject: Re: [squid-users] Regarding Squid+Ldap

> Hi,
>
> Thank you for your reply.
>
> But I am using OpenLDAP for authentication. I do not have a Sam account in
> OpenLDAP. So I entered the command line like this,
> auth_param basic program /usr/lib/squid/squid_ldap_auth
> -b "dc=quest,dc=com"
> -D "cn=Manager,*cn=User*,dc=quest,dc=com" #### for cn=User what i
> have to enter
> -w "my_password_here"
> -f sAMAccountName=%s ### for openldap what i have to enter here
> -h 192.168.1.1
> Note: I think cn=User is an OU. In my OpenLDAP I have created Peple. In
> that I entered all my users' attributes.
>
> Thanking you.
>
> Regards,
>
> Selvam E.
>
> D & E Radel wrote:
>
>> Hi
>>
>> You should probably comment out multiple attempts to authenticate. In
>> your second attempt you have spelt "quest" as "qust". You also haven't
>> specified an OU for the user "Manager", or a -f parameter.
>>
>> Try debugging at the command line, e.g.:
>> echo "username password" | /usr/lib/squid/squid_ldap_auth -b.......
>>
>> You should get either an "OK" or an "ERR". Anything else, then you need to
>> check your syntax and parameters.
>>
>> In your squid.conf, all on the same line it should read something like
>> this:
>>
>> auth_param basic program /usr/lib/squid/squid_ldap_auth
>> -b "dc=quest,dc=com"
>> -D "cn=Manager,cn=Users,dc=quest,dc=com"
>> -w "my_password_here"
>> -f sAMAccountName=%s
>> -h 192.168.1.1
>>
>> This page gave me a lot of help:
>>
>> http://kb.papercutsoftware.com/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory
>>
>> One thing that causes problems is if the password of the administrator
>> (in your case, the user called "Manager") has non-alphanumeric
>> characters. In my case, my problem was that the administrator password
>> had an "!" in it, and I had to use an "\" before the "!", i.e. "\!".
>>
>> Regards,
>> Dietrich
>>
>> ----- Original Message -----
>> From: "selvam" <selvame@questresearch.com>
>> To: <squid-users@squid-cache.org>
>> Cc: <hno@squid-cache.org>
>> Sent: Wednesday, May 25, 2005 8:25 PM
>> Subject: [squid-users] Regarding Squid+Ldap
>>
>>
>>> Hi,
>>>
>>> I have configured squid.conf with the following settings for LDAP
>>> authentication.
>>>
>>> auth_param basic program /usr/lib/squid/squid_ldap_auth -b
>>> "dc=quest,dc=com" -D 'cn=Manager,dc=quest,dc=com' -w z -h 192.168.1.1
>>> #auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/password
>>> auth_param basic program /usr/lib/squid/squid_ldap_auth -b
>>> "dc=qust,dc=com" -w "z" -h 192.168.1.1
>>>
>>> But I am unable to authenticate through LDAP.
>>> Please help me.
>>> I have already posted this query to squid-users but got no reply or solution.
>>>
>>> Hendrik, please help me to solve this problem.
>>>
>>>
>>> Thanking you.
>>>
>>> Regards,
>>>
>>> Selvam E.
>>>
>>
>>
>
Received on Wed May 25 2005 - 15:30:50 MDT
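
The command-line check described in this thread (one "username password" line in, "OK" or "ERR" out, anything else pointing at a syntax or parameter problem), as an added example that is not part of the original messages. `stub_helper`, `classify_reply` and the sample credentials are constructed for illustration; the stub stands in for squid_ldap_auth so the script runs without an LDAP server.

```shell
#!/bin/sh
# Added example, not from the thread. stub_helper is a constructed stand-in
# for squid_ldap_auth; the user name and password below are constructed too.

# Speaks the helper protocol described in the thread: one "username password"
# line on stdin, one "OK" or "ERR" line on stdout.
stub_helper() {
    mode=$1
    while read -r user pass; do
        if [ "$mode" = "misconfigured" ]; then
            # Constructed diagnostic, standing in for any non-OK/ERR output
            echo "constructed diagnostic: bad arguments"
        elif [ "$user" = "alice" ] && [ "$pass" = 'pa!ss\word' ]; then
            echo "OK"
        else
            echo "ERR"
        fi
    done
}

# classify_reply "<user> <password>" helper [helper-args...]
# Prints accepted, rejected, or helper-problem (any reply that is not OK/ERR,
# including no reply at all).
classify_reply() {
    line=$1
    shift
    # printf '%s' and read -r hand "!" and "\" to the helper unchanged
    reply=$(printf '%s\n' "$line" | "$@" 2>&1 | head -n 1)
    case "$reply" in
        OK|"OK "*)   echo "accepted" ;;
        ERR|"ERR "*) echo "rejected" ;;
        *)           echo "helper-problem" ;;
    esac
}

# With the real helper, pass its path and the options from squid.conf:
#   classify_reply "username password" /usr/lib/squid/squid_ldap_auth <options>
```

A `helper-problem` result is the case the thread warns about: the helper printed something other than "OK" or "ERR", so the options need checking before Squid is involved at all.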
