[squid-users] Antw: RE: Antw: RE: squid-3.3.8-26.el7_2.4.x86_64 using Novell eDirectory with /usr/lib64/squid/digest_edirectory_auth
Eliezer Croitoru
eliezer at ngtech.co.il
Wed Dec 14 14:05:44 UTC 2016
What have you tried to test the helpers by themselves?
Let's say you run from the command line the command which squid runs, like in the example in the mailing list which I attached,
what happens?
Eliezer
----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il
-----Original Message-----
From: bjoern wahl [mailto:bjoern.wahl at hospital-borken.de]
Sent: Wednesday, December 14, 2016 2:06 PM
To: squid-users at lists.squid-cache.org; eliezer at ngtech.co.il
Subject: Antw: RE: Antw: RE: [squid-users] squid-3.3.8-26.el7_2.4.x86_64 using Novell eDirectory with /usr/lib64/squid/digest_edirectory_auth
I would like to use a group, but I would be happy if anything with LDAP would be working.
Just in case, I did a tcpdump and I can see that the server communicates with the LDAP server, and that the squid gets an answer.
>>> Eliezer Croitoru <eliezer at ngtech.co.il> 13.12.16 14.37 Uhr >>>
Which of the helpers are you having issues with?
The Group or the user one?
I did some experiments with LDAP groups, which can be found at:
http://lists.squid-cache.org/pipermail/squid-users/2015-July/004874.html
Eliezer
----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il
-----Original Message-----
From: bjoern wahl [mailto:bjoern.wahl at hospital-borken.de]
Sent: Tuesday, December 13, 2016 9:15 AM
To: squid-users at lists.squid-cache.org; eliezer at ngtech.co.il
Subject: Antw: RE: [squid-users] squid-3.3.8-26.el7_2.4.x86_64 using Novell eDirectory with /usr/lib64/squid/digest_edirectory_auth
Hello!
Thanks for the fast response.
I got the Ldap-Auth working with
SLES11.4 / squid3-3.1.23-8.16.33.2
=========================================================================================================
auth_param basic program /usr/sbin/squid_ldap_auth -d -D "cn=xxx,o=xxxx" -w xx -b o=x -s sub -f "(&(objectclass=User)(cn=%s))" -h ldaps://xxxx -p 636
external_acl_type ldap_group %LOGIN /usr/sbin/squid_ldap_group -d -D "cn=xx,o=x" -w ldap -b o=x -s sub -f "(&(objectclass=User)(cn=%u)(groupMembership=%g))" -h ldaps://x -p 636
=========================================================================================================
but now I would like to do it with
CentOS Linux release 7.2.1511 / squid-3.3.8-26.el7_2.4.x86_64
and it turned out that I have no more "squid_ldap_auth", but I found
"basic_ldap_auth".
So I tried switching "squid_ldap_auth" to "basic_ldap_auth" but that
did not work....
I get the login window, but even if I enter a valid user, I cannot
access a website.
squid.conf looks like this:
=========================================================================================================
auth_param basic program /usr/lib64/squid/basic_ldap_auth -d -D "cn=xxx,o=xxx" -w xxx -b o=xxx -s sub -f "(&(objectclass=User)(cn=%s))" -h ldaps://xxxx -p 636
auth_param basic children 5
auth_param basic credentialsttl 2 hours
acl ediruser proxy_auth REQUIRE
http_access allow ediruser
http_access deny all
=========================================================================================================
>>> Eliezer Croitoru <eliezer at ngtech.co.il> 12.12.16 15.28 Uhr >>>
Hey,
digest_edirectory_auth is not for LDAP but for eDirectory, but I am not
too familiar with this to tell you how to test.
Basically you need a "basic" LDAP authentication helper, whose source
is:
http://bazaar.launchpad.net/~squid/squid/3.5/files/head:/helpers/basic_auth/LDAP/
And we are also missing the squid.conf.
Try to find out if there is some helper in the /usr/lib64/squid/ directory
which contains ldap.
Let me know if we are going in the right direction.
Eliezer
----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il
-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On
Behalf Of bjoern wahl
Sent: Monday, December 12, 2016 3:53 PM
To: squid-users at lists.squid-cache.org
Subject: [squid-users] squid-3.3.8-26.el7_2.4.x86_64 using Novell
eDirectory with /usr/lib64/squid/digest_edirectory_auth
Hello!
I would like to install a squid-3.3.8-26.el7_2.4.x86_64 (CentOS7) using
LDAP auth with digest_edirectory_auth, but I cannot get it working.
Does anybody use this?
I tried:
/usr/lib64/squid/digest_edirectory_auth -A password -l : -e -v 3 -D "cn=xxxx,o=xxxxx" -b "o=xxxxx" -w xxxx -b o=xxxx -s sub -F "(&(objectclass=User)(cn=%s))" -Z -h ldaps://xxxxxx -n
but I only get:
user1 pw1
ERR
user2 pw2
ERR
user3 pw3
ERR
Any ideas?
Thanks, Björn!
Operator: Klinikum Westmünsterland GmbH
Managing Directors: Christoph Bröcker, Ludger Hellmann (Spokesman)
Chairman of the Supervisory Board: Jürgen Büngeler
This e-mail contains confidential or legally protected
information. If you are not the intended recipient,
please inform the sender immediately and delete this e-mail.
Unauthorized copying of this e-mail or unauthorized disclosure of the
information it contains is not permitted.
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
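
Testing a helper by itself, as suggested in the thread, shown as an added example that is not part of the original messages. It assumes the Squid basic-helper line protocol (one URL-encoded `user password` line on stdin, `OK` or `ERR` on stdout); the function names and `fake_helper` are hypothetical, and `fake_helper` is a constructed stand-in so the script runs without an LDAP server.

```shell
#!/bin/sh
# Added example (not from the thread): drive a Squid basic-auth helper by hand.

# Squid URL-encodes the username and password before writing
# "<user> <password>" to a basic helper's stdin; the helper decodes %XX again.
# This encodes every byte outside [A-Za-z0-9._-], which is more than Squid
# escapes but decodes to the same value.
rfc1738_escape() (
    LC_ALL=C                      # match single bytes, not locale characters
    s=$1 out=
    while [ -n "$s" ]; do
        rest=${s#?}; c=${s%"$rest"}; s=$rest
        case $c in
            [A-Za-z0-9._-]) out=$out$c ;;
            *) out=$out$(printf '%s' "$c" | od -An -tx1 | tr -d ' \n' | sed 's/../%&/g') ;;
        esac
    done
    printf '%s\n' "$out"
)

# Send one credential line to a helper and report its verdict.
# Usage: check_helper USER PASSWORD HELPER [HELPER-OPTIONS...]
# The helper's stderr is left alone so its -d debug output stays visible.
check_helper() {
    user=$1 pass=$2; shift 2
    reply=$(printf '%s %s\n' "$(rfc1738_escape "$user")" \
        "$(rfc1738_escape "$pass")" | "$@" | head -n 1)
    case $reply in
        OK*)  echo "OK"; return 0 ;;
        ERR*) echo "ERR"; return 1 ;;
        *)    echo "NO-REPLY"; return 2 ;;   # helper died or printed nothing
    esac
}

# Constructed stand-in for a real helper: accepts only user1 with the
# password "pw 1%", which arrives on the wire as pw%201%25.
fake_helper() {
    while read -r u p; do
        if [ "$u" = "user1" ] && [ "$p" = "pw%201%25" ]; then echo OK; else echo ERR; fi
    done
}

# Constructed demo. Against a real helper, pass its path and the options
# from squid.conf instead of fake_helper, for example:
#   check_helper someuser 'secret' /usr/lib64/squid/basic_ldap_auth <options>
check_helper user1 'pw 1%' fake_helper
```

A `NO-REPLY` result means the helper exited or printed nothing, which points at the helper's options or its LDAP connection rather than at the credentials.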