CentOS7 / squid_ldap_auth

saavik · 12-08-2016, 09:35 AM

I am trying to switch from Sles11 so CentOS7 with my Squid.

Question:

I just can`t find the squid_ldap_auth for CentOS7.

Where/how can i get that ?

OK,OK

I found

basic_ldap_auth,digest_ldap_auth,ext_ldap_group_acl

But i am still working on it to do what i want. Maybe someone has it working with eDir ?

TB0ne · 12-09-2016, 09:32 AM

Quote:

Originally Posted by saavik

I am trying to switch from Sles11 so CentOS7 with my Squid.

Question: I just can`t find the squid_ldap_auth for CentOS7. Where/how can i get that ?

OK,OK I found

basic_ldap_auth,digest_ldap_auth,ext_ldap_group_acl But i am still working on it to do what i want. Maybe someone has it working with eDir ?

If you told us exactly what you want it to do, what error(s)/message(s) you're getting, etc., maybe we can help. We can't guess....what do you mean by "eDir", and what are you trying to actually do?

saavik · 12-12-2016, 06:42 AM

Ok..sure....

I`d like to use the ediretory LDAP to auth users being member of a specific group which allows them to access the internet via squid-Server.

now i allready found that this might be the "auth_param basic program /usr/lib64/squid/basic_ldap_auth" which already asks for username an password but it does not give me any access to the internet never the less what group i am in or not....

I think its about the wrong

Code:

# /usr/lib64/squid/basic_ldap_auth -d -b "cn=ldap,o=xxxx" -w xxxxx -b o=xxxx -s sub -f "(&(objectclass=User)(cn=%s)(groupMembership=%g))" -h ldaps://1xxx -p 636
ldap ldap
basic_ldap_auth.cc(685): pid=11111 :user filter '(&(objectclass=User)(cn=ldap)(groupMembership=6.95281e-310))', searchbase 'o=xxx'
basic_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server'
ERR Success

ERR Missing username

ldapsearch works, and i can see that the ldap-server is responding....

found digest_edirectory_auth working on that....

that looks good, but does not work.

I used:

Quote:

/usr/lib64/squid/digest_edirectory_auth -A password -v 3 -D "cn=ldap,o=xxx" -b "o=kxxx" -w xxxx -b o=xxxxx -s sub -F "(&(objectclass=User)(cn=%s))" -h xxxxxx
user pw
ER

I am not sure if "-A password" is the right field. Any idea ?