LinuxQuestions.org


saavik 12-08-2016 09:35 AM

CentOS7 / squid_ldap_auth
 
I am trying to switch from SLES11 to CentOS7 with my Squid.

Question:

I just can't find the squid_ldap_auth for CentOS7.

Where/how can I get that?

OK, OK

I found

basic_ldap_auth, digest_ldap_auth, ext_ldap_group_acl

But I am still working on it to do what I want. Maybe someone has it working with eDir?

TB0ne 12-09-2016 09:32 AM

Quote:

Originally Posted by saavik (Post 5639533)
I am trying to switch from SLES11 to CentOS7 with my Squid.

Question: I just can't find the squid_ldap_auth for CentOS7. Where/how can I get that?

OK, OK I found

basic_ldap_auth, digest_ldap_auth, ext_ldap_group_acl But I am still working on it to do what I want. Maybe someone has it working with eDir?

If you told us exactly what you want it to do, what error(s)/message(s) you're getting, etc., maybe we can help. We can't guess....what do you mean by "eDir", and what are you trying to actually do?

saavik 12-12-2016 06:42 AM

OK, sure....

I'd like to use the eDirectory LDAP to auth users who are members of a specific group, which allows them to access the internet via the Squid server.

Now I already found that this might be the "auth_param basic program /usr/lib64/squid/basic_ldap_auth", which already asks for username and password, but it does not give me any access to the internet, no matter what group I am in or not....

I think it's about the wrong

Code:

# /usr/lib64/squid/basic_ldap_auth -d -b "cn=ldap,o=xxxx" -w xxxxx -b o=xxxx -s sub -f "(&(objectclass=User)(cn=%s)(groupMembership=%g))" -h ldaps://1xxx -p 636
ldap ldap
basic_ldap_auth.cc(685): pid=11111 :user filter '(&(objectclass=User)(cn=ldap)(groupMembership=6.95281e-310))', searchbase 'o=xxx'
basic_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server'
ERR Success

ERR Missing username

ldapsearch works, and I can see that the LDAP server is responding....


Found digest_edirectory_auth, working on that....

That looks good, but does not work.

I used:

Quote:

/usr/lib64/squid/digest_edirectory_auth -A password -v 3 -D "cn=ldap,o=xxx" -b "o=kxxx" -w xxxx -b o=xxxxx -s sub -F "(&(objectclass=User)(cn=%s))" -h xxxxxx
user pw
ER

I am not sure if "-A password" is the right field. Any idea?
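
Added example, not part of the thread and not any poster's configuration: a squid.conf fragment that splits the task described above into password verification with basic_ldap_auth and a group check with ext_ldap_group_acl. The host ldap.example.com, the group name "internet", the container ou=groups and the secret file path are assumptions; o=xxxx and cn=ldap,o=xxxx are the masked values from the post.

```conf
# squid.conf fragment (constructed example, placeholders as listed above).

# 1) Authentication only. Compared with the command in the post:
#    -D (not a second -b) carries the bind DN; -b is the search base.
#    -H takes an LDAP URI such as ldaps://host; -h expects a bare host name.
#    The filter accepts only %s (the login name). %g is not a placeholder
#    in this helper; the debug line in the post shows it rendered as a float.
#    -W reads the bind password from a file instead of exposing it in the
#    process list; make that file readable by the squid user only.
auth_param basic program /usr/lib64/squid/basic_ldap_auth -v 3 -H ldaps://ldap.example.com -D "cn=ldap,o=xxxx" -W /etc/squid/ldap.secret -b "o=xxxx" -s sub -f "(&(objectClass=User)(cn=%s))"
auth_param basic children 5
auth_param basic realm Squid proxy
auth_param basic credentialsttl 1 hour

# 2) Group check in a separate helper. In this helper's filter %u is the
#    login name (no -F/-u given) and %g is the group name from the acl line.
#    The search matches only a user entry whose groupMembership attribute
#    holds the DN built from %g (assumed layout: cn=<group>,ou=groups,o=xxxx).
external_acl_type edir_group ttl=300 %LOGIN /usr/lib64/squid/ext_ldap_group_acl -v 3 -H ldaps://ldap.example.com -D "cn=ldap,o=xxxx" -W /etc/squid/ldap.secret -b "o=xxxx" -s sub -f "(&(objectClass=User)(cn=%u)(groupMembership=cn=%g,ou=groups,o=xxxx))"

# 3) Only authenticated members of "internet" are allowed out.
acl internet_users external edir_group internet
http_access allow internet_users
http_access deny all
```

Both helpers can be checked by hand before Squid is restarted: basic_ldap_auth reads "username password" lines and ext_ldap_group_acl reads "username group" lines, and each answers OK or ERR.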


All times are GMT -5.