Re: [squid-users] OpenLDAP and Squid Authentication module

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 23 Apr 2001 23:50:04 +0200

The "official" (==distributed with the Squid sources) squid_ldap_auth
module has been quite extensively extended and documented just some
weeks ago, and I am afraid that much of what you have done is duplicated
effort there.

Please check out
http://www.squid-cache.org/cgi-bin/cvsweb.cgi/~checkout~squid/src/auth/basic/helpers/LDAP/
or the current snapshot releases of Squid-2.4 or 2.5.

It supports basic binding in mostly any form one can think of. Both
directly constructing the user DN based on a base and the login name,
and the ability to use search filters to locate the proper user DN to
bind to (and to filter out unwanted users by user attributes). There are
no built-in assumptions about attribute names and such, and command line
options for about everything...

The next feature planned to be added to this Squid LDAP helper is group
cross referencing to restrict access to only users who are members of given
groups (or actually a search filter looking in other objects than the user
to figure out if this user is valid for proxy use), but I have other
more important things to finish first.

If there is any feature missing that you have or want to have, please
shout, or better yet add it and send us a patch ;-)

--
Henrik Nordstrom
Squid Hacker

Chris Ross wrote:
> 
> Due to requirements we have made some cleanups and modifications to the LDAP module
> for squid. We are releasing this code to the general public. The code can be obtained from
> 
> http://www.uksolutions.co.uk/downloads/squid_ldap_auth-chris-uks.tar.gz
> 
> This module provides the ability to authorise a user based upon "uid" and the "userPassword"
> object attributes. It also has the ability to check an objectClass at the same time. This
> feature is particularly useful when a user exists within the LDAP database but you don't want
> to let them have access to the squid proxy server. This module will also operate correctly
> even when users are not authorised to read the userPassword field.
> 
> We hope this code is useful. If there are any queries please do not hesitate to contact myself,
> 
> Regards
> 
> Chris Ross
> 
> UKSolutions, part of CAD
> Including UK Shells, UK Colo
> 
> Tel: 01527 851 333  -  Fax: 01527 851 301
> Web: www.uksolutions.co.uk
> Email: chris@uksolutions.co.uk
Received on Mon Apr 23 2001 - 16:22:55 MDT
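
The two binding modes described in the reply above (direct DN construction, and a search filter that can also screen on attributes such as objectClass), sketched as an added example that is not code from squid_ldap_auth or from either poster. It only builds the DN and filter strings, escaping the login name so it stays a single value; the function names, the `%s` template placeholder and the directory values are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Bytes escaped as \XX: DN attribute values (RFC 4514) and filter values (RFC 4515). */
#define DN_SPECIALS     "\"+,;<>\\=# "
#define FILTER_SPECIALS "*()\\"

/* Hex-escape every byte of `in` found in `specials`; -1 if `out` is too small. */
static int hex_escape(const char *in, const char *specials,
                      char *out, size_t outlen) {
    size_t o = 0;
    if (outlen == 0) return -1;
    for (; *in; in++) {
        unsigned char c = (unsigned char)*in;
        int esc = strchr(specials, c) != NULL;
        if (o + (esc ? 3 : 1) + 1 > outlen) return -1;
        if (esc) o += (size_t)snprintf(out + o, outlen - o, "\\%02x", (unsigned)c);
        else out[o++] = (char)c;
    }
    out[o] = '\0';
    return 0;
}

/* Mode 1: construct the bind DN directly from attribute, login name and base. */
int build_direct_dn(const char *attr, const char *login, const char *base,
                    char *out, size_t outlen) {
    char esc[256];
    if (hex_escape(login, DN_SPECIALS, esc, sizeof esc) != 0) return -1;
    int n = snprintf(out, outlen, "%s=%s,%s", attr, esc, base);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Mode 2: fill a search filter template (hypothetical %s slot) to locate the user DN. */
int build_search_filter(const char *tmpl, const char *login,
                        char *out, size_t outlen) {
    char esc[256];
    const char *slot = strstr(tmpl, "%s");
    if (!slot || hex_escape(login, FILTER_SPECIALS, esc, sizeof esc) != 0) return -1;
    int n = snprintf(out, outlen, "%.*s%s%s",
                     (int)(slot - tmpl), tmpl, esc, slot + 2);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void) {
    char dn[256], filter[256];   /* constructed sample values below */
    if (build_direct_dn("uid", "jdoe", "ou=people,dc=example,dc=org", dn, sizeof dn) == 0)
        puts(dn);
    if (build_search_filter("(&(uid=%s)(objectClass=person))", "j*doe", filter, sizeof filter) == 0)
        puts(filter);
    return 0;
}
```

A helper would then bind with the supplied password using either the constructed DN or the DN returned by the search; treating an oversized or unescapable login as a failed authentication keeps truncated strings out of the directory query.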