Re: [squid-users] Squid LDAP Auth and ACL Integration

From: Jose Ildefonso Camargo Tolosa <ildefonso.camargo_at_gmail.com>
Date: Mon, 4 Jan 2010 20:21:20 -0430

Hi!

On Sat, Jan 2, 2010 at 1:49 PM, ml ml <mliebherr99_at_googlemail.com> wrote:
> Hi,
>
> Thanks for the reply.
>
> However, I can't get the proof-of-concept working on the command line:
>
> echo "mo" | squid_ldap_group  -b "dc=my-domain,dc=com"  -f "cn=mo" -F
> "cn=mo" -h localhost -D "cn=Manager,dc=my-domain,dc=com"  -w secret

Not sure, but I use this on the squid.conf:

/usr/lib/squid/squid_ldap_group -b "ou=Groups,dc=example,dc=com" -f
"(&(objectclass=posixGroup)(cn=%g)(memberUid=%u))" -h localhost -P -v
3 -B "ou=Users,dc=example,dc=com" -D cn=read_only,dc=example,dc=com -w
password

>
> It always returns ERR. If I do a "tcpdump -i any -n port 389" then I
> can't see any traffic at all.
>

I'm not sure, but I think it doesn't return traffic for lo interface.

> Any idea how I can debug this? The "-d" option does not seem to do any
> debugging!

Maybe run the ldap daemon (slapd) with the "-d -1" option, but it will
print LOTS of info; make sure NO OTHER PROCESS accesses the directory
server while you run the test (maybe a VM will help).

>
> Thanks,
> Mario
>
>
>
> On Thu, Dec 31, 2009 at 9:29 PM, Chris Robertson <crobertson_at_gci.net> wrote:
>> ml ml wrote:
>>>
>>> Hello List,
>>>
>>> I read that it's quite easy to get squid with ldap auth running.
>>>
>>> I would also like to manage Black/White URL-Lists in ldap. Can this be
>>> done via ldap, too?

mmmmm..... maybe, but I think this could become slow. I have never
used LDAP for black lists; I store them in plain-text files, and then
use group membership (ldap) to manage who the lists apply to. If
you feel like you really need to have the URLs in LDAP, I would write
a script that reads the URLs from LDAP and writes them to plain-text
files that squid would use. Of course, you would need some
"intelligence" in the script.

I hope this helps,

Ildefonso Camargo
Received on Tue Jan 05 2010 - 00:52:24 MST
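
Added example, not part of the original message and not code from the Squid project: a sketch of the "LDAP to plain-text file" script suggested above, with the "intelligence" being validation of each value and an atomic file replace that refuses an empty result. It assumes the blocked domains live in a hypothetical attribute named squidBlockedDomain and that the input is LDIF text as printed by `ldapsearch -LLL`; the sample LDIF is constructed.

```python
import base64, os, re, tempfile

ATTR = "squidblockeddomain"  # hypothetical attribute name, compared lowercase
DOMAIN_RE = re.compile(
    r"^\.?(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

# Constructed sample of `ldapsearch -LLL` output (not real directory data).
SAMPLE_LDIF = """\
dn: cn=blocklist,ou=Squid,dc=example,dc=com
squidBlockedDomain: .ads.example.net
squidBlockedDomain: Tracker.Example.ORG
squidBlockedDomain:: LmJhZC5leGFtcGxlLmNvbQ==
squidBlockedDomain: very-long-label.exam
 ple.info
squidBlockedDomain: bad domain" acl all
squidBlockedDomain: .ads.example.net
"""

def ldif_values(ldif_text, attr=ATTR):
    """Yield the values of one attribute from LDIF text."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # undo LDIF line folding
    for line in unfolded.splitlines():
        name, sep, rest = line.partition(":")
        if not sep or name.lower() != attr:
            continue
        if rest.startswith(":"):  # "attr:: value" means base64-encoded
            yield base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            yield rest.strip()

def clean_domains(values):
    """Return (sorted unique valid domains, rejected raw values)."""
    accepted, rejected = set(), []
    for raw in values:
        domain = raw.strip().lower()
        if DOMAIN_RE.match(domain):
            accepted.add(domain)
        else:
            rejected.append(raw)  # never let odd directory data reach squid
    return sorted(accepted), rejected

def write_acl_file(path, domains, min_entries=1):
    """Atomically replace the list file; keep the old one on a bad result."""
    if len(domains) < min_entries:
        raise ValueError("refusing to write %d entries" % len(domains))
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(domains) + "\n")
    os.chmod(tmp, 0o644)
    os.replace(tmp, path)  # readers see the old or the new file, never half
```

The resulting file can be referenced from squid.conf with a quoted path in a dstdomain acl, followed by `squid -k reconfigure` to reload it.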
