squid +ldap
Petr Safrata, dipl.tech.
safrata at dhd.cz
Thursday, July 27 15:34:23 CEST 2006
I use
auth_param basic program /usr/lib/squid/squid_ldap_auth -u cn -b
"cn=users,dc=cml-nt,dc=local" servername
Petr Safrata
----- Original Message -----
From: "Valenta Petr" <xvalen at atlas.cz>
To: <linux at linux.cz>
Sent: Tuesday, July 25, 2006 12:56 PM
Subject: squid +ldap
> Hello,
> I have been trying for about two days to get LDAP authentication working
> with squid, unfortunately in vain. Attached are the files slapd.conf and the test aaa.diff.
>
> This is how I am trying to authenticate from the command line:
> /usr/lib/squid/squid_ldap_auth -v 3 -b 'dc=YourDomain,dc=com' -D
> "cn=Petr,dc=YourDomain,dc=com"-w test -h 127.0.0.1
> -f'(&(cn=%s)(objectClass=person))'
>
> after entering: Petr test ......... it prints:
> ERR Success
>
> and the following appears in the log:
> Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 fd=12 ACCEPT from
> IP=127.0.0.1:52322 (IP=0.0.0.0:389)
> Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 op=0 BIND
> dn="uid=Petr,dc=YourDomain,dc=com" method=128
> Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 op=0 RESULT tag=97
> err=49 text=
> Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 op=1 UNBIND
> Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 fd=12 closed
>
> this runs normally and returns a result:
> ldapsearch -x -b 'dc=YourDomain,dc=com' -D "cn=Bjorn J
> Jensen,dc=YourDomain,dc=com" '(objectclass=*)' -w test
>
> Does anyone have an idea where the error might be? Many thanks.
>
> Petr
>
--------------------------------------------------------------------------------
> dn: dc=YourDomain,dc=com
> objectClass: dcObject
> objectClass: organization
> dc: YourDomain
> o: Firma
>
> dn: cn=Manager,dc=YourDomain,dc=com
> objectClass: organizationalRole
> cn: Manager
>
> dn: cn=Barbara J Jensen,dc=YourDomain,dc=com
> objectClass: person
> userPassword: {SSHA}Jv2NnfXmVMnN6ZfSrSRED+5JnJvXvpKr
> cn: Barbara J Jensen
> cn: Babs
> sn: Jensen1
>
> dn: cn=Bjorn J Jensen,dc=YourDomain,dc=com
> objectClass: person
> telephoneNumber: 111
> userPassword: {SSHA}Jv2NnfXmVMnN6ZfSrSRED+5JnJvXvpKr
> cn: Bjorn J Jensen
> cn: Bjorn
> sn: Jensen2
>
> dn: cn=Petr,dc=YourDomain,dc=com
> objectClass: person
> objectClass: uidObject
> sn: Petr
> uid: Petr
> cn: Petr
> userPassword: test
>
>
--------------------------------------------------------------------------------
> # /etc/openldap/slapd.conf
>
> include /usr/share/openldap/schema/core.schema
> include /usr/share/openldap/schema/cosine.schema
> include /usr/share/openldap/schema/inetorgperson.schema
> include /usr/share/openldap/schema/nis.schema
> include /usr/share/openldap/schema/evolutionperson.schema
>
>
> loglevel 256
>
> pidfile /var/run/ldap/slapd.pid
> argsfile /var/run/ldap/slapd.args
>
>
>
> database bdb
> suffix "dc=YourDomain,dc=com"
> rootdn "cn=Manager,dc=YourDomain,dc=com"
> rootpw {SSHA}WbggQ+qy7kCsET8kl4rMBh2jSWj8Zw3E
>
>
>
> # necessary for evolution writes
> #allow bind_v2
>
> index objectClass eq
>
> directory /var/lib/ldap
>
> access to attrs=userPassword
>     by anonymous auth
>     by self write
>     by * none
>
> access to dn.base="" by * read
>
> access to *
>     by dn="cn=Manager,dc=YourDomain,dc=com" write
>     by * read
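An added example, not part of either message and not code from squid or OpenLDAP: it pairs each BIND in the quoted slapd log with its RESULT, reports simple binds rejected with err=49 (invalidCredentials), and checks whether the DN that was bound exists among the DNs of the quoted LDIF. `helper_bind_dn` models the documented squid_ldap_auth behaviour of binding as `<userattr>=<login>,<basedn>` (userattr `uid` unless `-u` is given) when no search filter is in effect; the function names are hypothetical and the sample data is constructed from the lines quoted above.

```python
import re

# Constructed sample: the slapd log lines quoted in the thread, with mail wrapping undone.
SLAPD_LOG = """\
Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 fd=12 ACCEPT from IP=127.0.0.1:52322 (IP=0.0.0.0:389)
Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 op=0 BIND dn="uid=Petr,dc=YourDomain,dc=com" method=128
Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 op=0 RESULT tag=97 err=49 text=
Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 op=1 UNBIND
"""

# Constructed sample: the entry DNs from the quoted LDIF attachment.
LDIF_DNS = [
    "dc=YourDomain,dc=com",
    "cn=Manager,dc=YourDomain,dc=com",
    "cn=Barbara J Jensen,dc=YourDomain,dc=com",
    "cn=Bjorn J Jensen,dc=YourDomain,dc=com",
    "cn=Petr,dc=YourDomain,dc=com",
]

BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)"')
RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")  # tag 97 = bind response


def norm_dn(dn):
    """Comparison key for a DN: lower-cased, trimmed RDNs (simplified, no escaped commas)."""
    return tuple(part.strip().lower() for part in dn.split(","))


def helper_bind_dn(login, base_dn, user_attr="uid"):
    """Assumed model of the helper without a search filter: <user_attr>=<login>,<base_dn>."""
    return f"{user_attr}={login},{base_dn}"


def failed_binds(log, known_dns):
    """Return (conn, bind_dn, dn_exists) for every bind answered with err=49."""
    known = {norm_dn(dn) for dn in known_dns}
    pending, findings = {}, []
    for line in log.splitlines():
        if m := BIND_RE.search(line):
            pending[(m[1], m[2])] = m[3]          # remember the DN until its RESULT arrives
        elif m := RESULT_RE.search(line):
            dn = pending.pop((m[1], m[2]), None)
            if dn is not None and m[3] == "49":   # 49 = invalidCredentials
                findings.append((int(m[1]), dn, norm_dn(dn) in known))
    return findings


if __name__ == "__main__":
    for conn, dn, exists in failed_binds(SLAPD_LOG, LDIF_DNS):
        print(f"conn={conn} err=49 dn={dn!r} present in LDIF: {exists}")
    print("with -u cn the bind DN would be:", helper_bind_dn("Petr", "dc=YourDomain,dc=com", "cn"))
```

slapd answers err=49 both for a wrong password and for a bind DN that has no entry, so comparing the logged DN with the directory contents is the quickest way to tell the two cases apart.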