RE: [squid-users] squid_ldap_auth to authtenticate on Active Directory 2000

From: Janco van der Merwe <jvdmerwe@dont-contact.us>
Date: Tue, 1 Aug 2006 17:46:25 +0200

Henrik,

Here is what we did and it worked. I hope that it will help you. In AD I created an OU internetusers and specified it where I needed to.

Under auth_param
auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=dunns,dc=co,dc=za" -D "cn=ldapreader,cn=users,dc=dunns,dc=co,dc=za" -w "ldappassword" -f sAMAccountName=%s -h (IP of DC)

Under External ACL
external_acl_type internetusergroup %LOGIN /usr/lib/squid/squid_ldap_group -R -b "dc=dunns,dc=co,dc=za" -D "cn=ldapreader,cn=users,dc=dunns,dc=co,dc=za" -w "ldappassword" -f "(&(objectclass=person)(sAMAccountName=%u)(memberof=cn=internetusers,OU=Dunns Groups,OU=Dunns,dc=dunns,dc=co,dc=za))" -h (IP of DC)

Under acl
acl ldappassword proxy_auth REQUIRED
acl internetgroup external internetusergroup internetusers

Janco v.d Merwe
Network Administrator
Dunns Stores (PTY) Ltd
Switchboard: 011 541 3000
Direct: 011 541 3007
Fax: 086 632 1708

-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Sent: 01 August, 2006 08:30
To: sOngUs
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] squid_ldap_auth to authtenticate on Active Directory 2000

Mon 2006-07-31 at 11:18 -0600, sOngUs wrote:

> squid_ldap_auth -R -b cn=users,dc=mydomain,dc=com -D
> "cn=administrator,cn=Users,dc=mydomain,dc=com" -w mypassword -f
> sAMAccountName=%s -h 192.168.0.1 (which is the IP address of the AD
> server.)
>
> But then it does nothing and if I press ENTER I get "ERR"...

You have to give something to work on, i.e. a username and password

username<space>password<enter>

> Now.. the question is... which dependencies does this module have?
> because I compiled squid with the right option (I think.. otherwise
> squid_ldap_auth won't be there...)

none..

> And installed OpenLDAP so I'll have libldap... do I need to install
> anything else?

nope.

> I turned on a sniffer on the box, but there is no trace of any LDAP conn...
> so I'm guessing I'm missing something...

the LDAP connection is opened when there is a query to resolve.

Regards
Henrik
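The two points in this thread (Henrik's description of the helper line protocol, where squid_ldap_auth reads "username<space>password" and answers OK or ERR, and Janco's squid_ldap_group filter, where the login name is substituted into an LDAP search filter) can be modelled in a few lines. The script below is an added example, not text from the mail and not Squid's own helper source. It replaces the LDAP bind and search with a constructed in-memory directory (alice, bob and their group memberships are made up), assumes Squid percent-encodes the username and password fields it sends to the helper, and uses the exact -f filter string from Janco's external_acl_type line. The part worth noting for a defender is ldap_filter_escape(): because %u is user-controlled, it must be escaped per RFC 4515 before it lands in the filter, otherwise characters like '*' or parentheses would change the shape of the query sent to the DC.

```python
"""Stand-in for the two Squid LDAP helpers in this thread (added example, not
Squid's own code). A real helper binds to the DC over LDAP; here the directory
is a constructed dict so the protocol and the filter handling run offline."""
import hmac
from urllib.parse import unquote

# Constructed directory: sAMAccountName -> (password, list of group DNs)
GROUP_DN = "cn=internetusers,OU=Dunns Groups,OU=Dunns,dc=dunns,dc=co,dc=za"
FAKE_DIRECTORY = {
    "alice": ("s3cret", [GROUP_DN]),
    "bob": ("hunter2", []),
}

# The -f filter from the external_acl_type line in the mail. %u is the login
# name Squid hands to squid_ldap_group; the group DN is fixed in the template.
GROUP_FILTER_TEMPLATE = (
    "(&(objectclass=person)(sAMAccountName=%u)"
    "(memberof=cn=internetusers,OU=Dunns Groups,OU=Dunns,dc=dunns,dc=co,dc=za))"
)


def ldap_filter_escape(value: str) -> str:
    """Escape a value for use inside an LDAP filter (RFC 4515): the characters
    that would otherwise change the filter's structure become \\xx sequences."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_group_filter(login: str) -> str:
    """Substitute the login into the template with escaping applied, so a name
    containing '*' or parentheses is matched literally, not as filter syntax."""
    return GROUP_FILTER_TEMPLATE.replace("%u", ldap_filter_escape(login))


def parse_auth_line(line: str):
    """One squid_ldap_auth request: 'username<space>password'. Squid percent-
    encodes both fields (assumption about the helper protocol), so decode them.
    Returns None for a line with no space, which must be answered ERR."""
    line = line.rstrip("\r\n")
    if " " not in line:
        return None
    user, _, password = line.partition(" ")
    return unquote(user), unquote(password)


def check_password(user: str, password: str, directory=FAKE_DIRECTORY) -> str:
    """Stand-in for the LDAP bind the real helper performs; answers OK or ERR."""
    entry = directory.get(user)
    if entry is None:
        return "ERR"
    return "OK" if hmac.compare_digest(entry[0].encode(), password.encode()) else "ERR"


def check_group(line: str, directory=FAKE_DIRECTORY):
    """One squid_ldap_group request: the %LOGIN field, then the acl's trailing
    arguments ('internetusers' in the mail). Returns (answer, filter) so the
    filter that would be sent to the DC can be inspected."""
    fields = line.rstrip("\r\n").split(" ")
    user = unquote(fields[0])
    filt = build_group_filter(user)
    entry = directory.get(user)
    member = entry is not None and GROUP_DN in entry[1]
    return ("OK" if member else "ERR"), filt


def run_helper(lines, mode="auth"):
    """Drive the line protocol: one request per line, one answer per line.
    Nothing happens until a request arrives, which is why the helper appears
    to 'do nothing' at a prompt and why the LDAP connection only opens on a
    query."""
    answers = []
    for line in lines:
        if mode == "auth":
            parsed = parse_auth_line(line)
            answers.append("ERR" if parsed is None else check_password(*parsed))
        else:
            answers.append(check_group(line)[0])
    return answers


if __name__ == "__main__":
    import sys
    mode = "group" if "--group" in sys.argv else "auth"
    for request in sys.stdin:  # try: printf 'alice s3cret\n' | python3 helper.py
        print(run_helper([request], mode)[0], flush=True)  # flush: Squid waits per line
```

Run it as `printf 'alice s3cret\n' | python3 helper.py` to see the OK/ERR exchange Henrik describes, and with `--group` to feed it the "%LOGIN internetusers" lines the acl in the mail would produce. Because the template hardcodes the group DN, the trailing "internetusers" argument never reaches the filter; only %u does, and that is the value the escaping protects.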

Received on Tue Aug 01 2006 - 09:46:19 MDT
