squid +ldap

Petr Valenta xvalen at atlas.cz
Thursday July 27 21:12:37 CEST 2006


Hello Petr,
thanks for the reply. The thing is, I have already got authentication working, ... but somehow I 
can't manage to force squid_ldap_auth, or rather squid_ldap_group, to run over 
SASL... or at least SSL, but I would prefer SASL. I can't find it anywhere 
on Google... Thanks

Petr

Petr Safrata, dipl.tech. wrote:
> I use
> 
> auth_param basic program /usr/lib/squid/squid_ldap_auth -u cn -b 
> "cn=users,dc=cml-nt,dc=local"  servername
> 
> Petr Safrata
> 
> ----- Original Message ----- From: "Valenta Petr" <xvalen at atlas.cz>
> To: <linux at linux.cz>
> Sent: Tuesday, July 25, 2006 12:56 PM
> Subject: squid +ldap
> 
> 
>> Hello,
>> I have been trying for about two days to get LDAP authentication working with squid,
>> unfortunately in vain. Attached are the files slapd.conf and a test aaa.diff.
>>
>> This is how I am trying to authenticate from the command line:
>> /usr/lib/squid/squid_ldap_auth -v 3 -b 'dc=YourDomain,dc=com' -D
>> "cn=Petr,dc=YourDomain,dc=com"-w test -h 127.0.0.1
>> -f'(&(cn=%s)(objectClass=person))'
>>
>> after entering: Petr test   ......... it prints:
>> ERR Success
>>
>> and this appears in the log:
>> Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 fd=12 ACCEPT from
>> IP=127.0.0.1:52322 (IP=0.0.0.0:389)
>> Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 op=0 BIND
>> dn="uid=Petr,dc=YourDomain,dc=com" method=128
>> Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 op=0 RESULT tag=97
>> err=49 text=
>> Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 op=1 UNBIND
>> Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 fd=12 closed
>>
>> this runs normally and returns a result:
>> ldapsearch -x -b 'dc=YourDomain,dc=com' -D "cn=Bjorn J
>> Jensen,dc=YourDomain,dc=com" '(objectclass=*)' -w test
>>
>> Does anyone have any idea where the mistake could be? Many thanks.
>>
>> Petr
>>
>>
>>
> 
> 
> -------------------------------------------------------------------------------- 
> 
> 
> 
>> dn: dc=YourDomain,dc=com
>> objectClass: dcObject
>> objectClass: organization
>> dc: YourDomain
>> o: Firma
>>
>> dn: cn=Manager,dc=YourDomain,dc=com
>> objectClass: organizationalRole
>> cn: Manager
>>
>> dn: cn=Barbara J Jensen,dc=YourDomain,dc=com
>> objectClass: person
>> userPassword: {SSHA}Jv2NnfXmVMnN6ZfSrSRED+5JnJvXvpKr
>> cn: Barbara J Jensen
>> cn: Babs
>> sn: Jensen1
>>
>> dn: cn=Bjorn J Jensen,dc=YourDomain,dc=com
>> objectClass: person
>> telephoneNumber: 111
>> userPassword: {SSHA}Jv2NnfXmVMnN6ZfSrSRED+5JnJvXvpKr
>> cn: Bjorn J Jensen
>> cn: Bjorn
>> sn: Jensen2
>>
>> dn: cn=Petr,dc=YourDomain,dc=com
>> objectClass: person
>> objectClass: uidObject
>> sn: Petr
>> uid: Petr
>> cn: Petr
>> userPassword: test
>>
>>
> 
> 
> -------------------------------------------------------------------------------- 
> 
> 
> 
>> # /etc/openldap/slapd.conf
>>
>> include /usr/share/openldap/schema/core.schema
>> include /usr/share/openldap/schema/cosine.schema
>> include /usr/share/openldap/schema/inetorgperson.schema
>> include /usr/share/openldap/schema/nis.schema
>> include /usr/share/openldap/schema/evolutionperson.schema
>>
>>
>> loglevel 256
>>
>> pidfile /var/run/ldap/slapd.pid
>> argsfile /var/run/ldap/slapd.args
>>
>>
>>
>> database bdb
>> suffix "dc=YourDomain,dc=com"
>> rootdn "cn=Manager,dc=YourDomain,dc=com"
>> rootpw {SSHA}WbggQ+qy7kCsET8kl4rMBh2jSWj8Zw3E
>>
>>
>>
>> # necessary for evolution writes
>> #allow bind_v2
>>
>> index  objectClass                             eq
>>
>> directory /var/lib/ldap
>>
>> access to attrs=userPassword
>>  by anonymous auth
>>  by self write
>>  by * none
>>
>> access to dn.base="" by * read
>>
>> access to *
>>  by dn="cn=Manager,dc=YourDomain,dc=com" write
>>  by * read
> 
> 
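
An added example, not part of the original messages: a Python check over slapd `loglevel 256` output that pairs each BIND with its RESULT and flags simple binds (method=128) made on a connection with no TLS, the case the top message wants to avoid, together with err=49 (invalid credentials) as seen in the quoted log. The conn=31 lines are joined from the wrapped log above; the conn=32 lines and the name `audit_binds` are constructed for illustration.

```python
import re

# conn=31: joined from the wrapped slapd log quoted in the thread.
# conn=32: constructed lines showing a simple bind after TLS is established.
SAMPLE_LOG = """\
Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 fd=12 ACCEPT from IP=127.0.0.1:52322 (IP=0.0.0.0:389)
Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 op=0 BIND dn="uid=Petr,dc=YourDomain,dc=com" method=128
Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 op=0 RESULT tag=97 err=49 text=
Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 op=1 UNBIND
Jul 25 12:37:51 fxstation14 slapd[8773]: conn=31 fd=12 closed
Jul 25 12:40:02 fxstation14 slapd[8773]: conn=32 fd=13 TLS established tls_ssf=256 ssf=256
Jul 25 12:40:02 fxstation14 slapd[8773]: conn=32 op=0 BIND dn="cn=Petr,dc=YourDomain,dc=com" method=128
Jul 25 12:40:02 fxstation14 slapd[8773]: conn=32 op=0 RESULT tag=97 err=0 text=
"""

TLS = re.compile(r'conn=(\d+) fd=\d+ TLS established')
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')  # tag=97: bind response
METHODS = {128: "simple", 163: "SASL"}  # LDAP bind method codes

def audit_binds(log_text):
    """Return one finding per completed bind found in slapd log text."""
    tls, pending, findings = set(), {}, []
    for line in log_text.splitlines():
        if m := TLS.search(line):
            tls.add(m.group(1))                      # connection is encrypted
        elif m := BIND.search(line):
            pending[(m.group(1), m.group(2))] = (m.group(3), int(m.group(4)))
        elif m := RESULT.search(line):
            key = (m.group(1), m.group(2))
            if key in pending:
                dn, method = pending.pop(key)
                findings.append({
                    "conn": int(key[0]), "dn": dn,
                    "method": METHODS.get(method, str(method)),
                    "err": int(m.group(3)),          # 49 = invalid credentials
                    # a non-anonymous simple bind without TLS exposes the password
                    "cleartext_password": method == 128 and dn != "" and key[0] not in tls,
                })
    return findings

if __name__ == "__main__":
    for finding in audit_binds(SAMPLE_LOG):
        print(finding)
```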


