squid +ldap
Valenta Petr
xvalen at atlas.cz
Tue Jul 25 12:56:30 CEST 2006
Hi,
for about two days now I have been trying to get Squid authentication via LDAP working,
unfortunately in vain. Attached are the slapd.conf file and a test aaa.diff.
This is how I try to authenticate from the command line:
/usr/lib/squid/squid_ldap_auth -v 3 -b 'dc=YourDomain,dc=com' \
  -D "cn=Petr,dc=YourDomain,dc=com" -w test -h 127.0.0.1 \
  -f '(&(cn=%s)(objectClass=person))'
after entering: Petr test ......... it prints:
ERR Success
and the log shows:
Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 fd=12 ACCEPT from IP=127.0.0.1:52322 (IP=0.0.0.0:389)
Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 op=0 BIND dn="uid=Petr,dc=YourDomain,dc=com" method=128
Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 op=0 RESULT tag=97 err=49 text=
Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 op=1 UNBIND
Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 fd=12 closed
this runs normally and returns a result:
ldapsearch -x -b 'dc=YourDomain,dc=com' -D "cn=Bjorn J Jensen,dc=YourDomain,dc=com" '(objectclass=*)' -w test
Does anyone have an idea where the error might be? Many thanks.
Petr
------------- next part ---------------
dn: dc=YourDomain,dc=com
objectClass: dcObject
objectClass: organization
dc: YourDomain
o: Firma

dn: cn=Manager,dc=YourDomain,dc=com
objectClass: organizationalRole
cn: Manager

dn: cn=Barbara J Jensen,dc=YourDomain,dc=com
objectClass: person
userPassword: {SSHA}Jv2NnfXmVMnN6ZfSrSRED+5JnJvXvpKr
cn: Barbara J Jensen
cn: Babs
sn: Jensen1

dn: cn=Bjorn J Jensen,dc=YourDomain,dc=com
objectClass: person
telephoneNumber: 111
userPassword: {SSHA}Jv2NnfXmVMnN6ZfSrSRED+5JnJvXvpKr
cn: Bjorn J Jensen
cn: Bjorn
sn: Jensen2

dn: cn=Petr,dc=YourDomain,dc=com
objectClass: person
objectClass: uidObject
sn: Petr
uid: Petr
cn: Petr
userPassword: test
------------- next part ---------------
# /etc/openldap/slapd.conf
include /usr/share/openldap/schema/core.schema
include /usr/share/openldap/schema/cosine.schema
include /usr/share/openldap/schema/inetorgperson.schema
include /usr/share/openldap/schema/nis.schema
include /usr/share/openldap/schema/evolutionperson.schema
loglevel 256
pidfile /var/run/ldap/slapd.pid
argsfile /var/run/ldap/slapd.args
database bdb
suffix "dc=YourDomain,dc=com"
rootdn "cn=Manager,dc=YourDomain,dc=com"
rootpw {SSHA}WbggQ+qy7kCsET8kl4rMBh2jSWj8Zw3E
# necessary for evolution writes
#allow bind_v2
index objectClass eq
directory /var/lib/ldap
access to attrs=userPassword
    by anonymous auth
    by self write
    by * none
access to dn.base="" by * read
access to *
    by dn="cn=Manager,dc=YourDomain,dc=com" write
    by * read
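An added example, not part of Petr's post: a small script that reads slapd stats-log lines (loglevel 256) like the ones quoted above, pairs each BIND with the RESULT of the same conn/op, and labels the LDAP result code, so a failed helper run can be traced to the exact DN the server was asked to bind as. The sample log is the post's own lines re-joined onto single lines (the wrapping is assumed to be mail formatting); the regexes assume the default OpenLDAP log format.

```python
import re

# Constructed sample: the slapd (loglevel 256) lines from the post above,
# re-joined onto single lines.
SAMPLE_LOG = """\
Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 fd=12 ACCEPT from IP=127.0.0.1:52322 (IP=0.0.0.0:389)
Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 op=0 BIND dn="uid=Petr,dc=YourDomain,dc=com" method=128
Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 op=0 RESULT tag=97 err=49 text=
Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 op=1 UNBIND
Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 fd=12 closed
"""

# LDAP resultCode values most often seen on a bind (RFC 4511).
RESULT_CODES = {0: "success", 32: "noSuchObject", 48: "inappropriateAuthentication",
                49: "invalidCredentials", 50: "insufficientAccessRights"}

BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=(\d+) err=(\d+)')


def bind_results(log_text):
    """Pair each BIND with the RESULT of the same conn/op and return a list of
    (dn, method, err, meaning) tuples, one per completed bind attempt."""
    pending = {}   # (conn, op) -> (dn, method) for binds awaiting a RESULT
    results = []
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = (m.group(3), int(m.group(4)))
            continue
        m = RESULT_RE.search(line)
        if m and m.group(3) == "97":   # tag 97 = bindResponse
            key = (m.group(1), m.group(2))
            if key in pending:
                dn, method = pending.pop(key)
                err = int(m.group(4))
                results.append((dn, method, err, RESULT_CODES.get(err, "unknown")))
    return results


def failed_binds(log_text):
    """Only the bind attempts that did not succeed (err != 0)."""
    return [r for r in bind_results(log_text) if r[2] != 0]


if __name__ == "__main__":
    for dn, method, err, meaning in failed_binds(SAMPLE_LOG):
        print(f"bind as {dn!r} (method={method}) failed: err={err} ({meaning})")
```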