squid +ldap

Valenta Petr xvalen at atlas.cz
Tue Jul 25 12:56:30 CEST 2006


Hi,
for about two days now I have been trying to get LDAP authentication
working with squid, unfortunately without success. The attachments contain
the files slapd.conf and the test file aaa.diff.

This is how I try to authenticate from the command line:
/usr/lib/squid/squid_ldap_auth -v 3 -b 'dc=YourDomain,dc=com' -D "cn=Petr,dc=YourDomain,dc=com" -w test -h 127.0.0.1 -f '(&(cn=%s)(objectClass=person))'

After entering: Petr test ... it prints:
ERR Success

and the log shows:
Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 fd=12 ACCEPT from IP=127.0.0.1:52322 (IP=0.0.0.0:389)
Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 op=0 BIND dn="uid=Petr,dc=YourDomain,dc=com" method=128
Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 op=0 RESULT tag=97 err=49 text=
Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 op=1 UNBIND
Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 fd=12 closed

This runs normally and returns a result:
ldapsearch -x -b 'dc=YourDomain,dc=com' -D "cn=Bjorn J Jensen,dc=YourDomain,dc=com" '(objectclass=*)' -w test

Does anyone have an idea where the error could be? Many thanks.

Petr
------------- next part ---------------
dn: dc=YourDomain,dc=com
objectClass: dcObject
objectClass: organization
dc: YourDomain
o: Firma

dn: cn=Manager,dc=YourDomain,dc=com
objectClass: organizationalRole
cn: Manager

dn: cn=Barbara J Jensen,dc=YourDomain,dc=com
objectClass: person
userPassword: {SSHA}Jv2NnfXmVMnN6ZfSrSRED+5JnJvXvpKr
cn: Barbara J Jensen
cn: Babs
sn: Jensen1

dn: cn=Bjorn J Jensen,dc=YourDomain,dc=com
objectClass: person
telephoneNumber: 111
userPassword: {SSHA}Jv2NnfXmVMnN6ZfSrSRED+5JnJvXvpKr
cn: Bjorn J Jensen
cn: Bjorn
sn: Jensen2

dn: cn=Petr,dc=YourDomain,dc=com
objectClass: person
objectClass: uidObject
sn: Petr
uid: Petr
cn: Petr
userPassword: test

------------- next part ---------------
# /etc/openldap/slapd.conf

include /usr/share/openldap/schema/core.schema
include /usr/share/openldap/schema/cosine.schema
include /usr/share/openldap/schema/inetorgperson.schema
include /usr/share/openldap/schema/nis.schema
include /usr/share/openldap/schema/evolutionperson.schema


loglevel 256

pidfile /var/run/ldap/slapd.pid
argsfile /var/run/ldap/slapd.args



database bdb
suffix "dc=YourDomain,dc=com"
rootdn "cn=Manager,dc=YourDomain,dc=com"
rootpw {SSHA}WbggQ+qy7kCsET8kl4rMBh2jSWj8Zw3E



# necessary for evolution writes
#allow bind_v2

index  objectClass                             eq

directory /var/lib/ldap

access to attrs=userPassword
  by anonymous auth
  by self write
  by * none
  
access to dn.base="" by * read

access to * 
  by dn="cn=Manager,dc=YourDomain,dc=com" write
  by * read


More information about the Linux mailing list