Re: [squid-users] curious about ldap authentication

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 15 Jan 2004 19:21:11 +0100 (CET)

On Thu, 15 Jan 2004, cadu wrote:

> I've been reading a few docs and messages from the list archives and
> there is a mystery in my mind about how squid validates the
> authenticity of the informed user and password

By an LDAP simple bind operation, asking your LDAP server if the password
is valid for the DN of the user.

> once the authentication is made by a previously created dummy user to
> log on the server and perform the search to check if the client user,
> who we suppose is exactly who he claims to be, does exist on a CN.

The search is optional and only required if the user's DN cannot be
directly derived from the login name.

The dummy user is also optional and only required if you need to search
for the user's DN and your LDAP directory does not support anonymous
searches.

The operation can be described as

  1. Find out the user's DN

    1a) By constructing the user DN from the base DN (-b) and user
        attribute name (-u) + login.

    1b) Or alternatively search for the DN using a search filter (-f),
        optionally binding as a dummy user (-D,-w) while searching.

  2. Try to bind to the user DN to verify the password

DN = Distinguished Name, the exact name of the object within the LDAP
directory.

Regards
Henrik
Received on Thu Jan 15 2004 - 11:21:22 MST
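
The two steps described in the message above, as an added example (not part of the original message and not squid_ldap_auth source code). The `search` and `bind` callables, the `%s` placeholder handling and the sample directory are assumptions made for illustration; the example goes beyond the message by escaping the login before it enters a DN or filter and by refusing empty passwords before the bind.

```python
# Added illustration, not squid_ldap_auth source. search() and bind() are
# hypothetical callables standing in for the LDAP search and simple bind.

def escape_dn_value(value):
    """Escape a login for use as an attribute value in a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        edge = i in (0, len(value) - 1)
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;=' or (ch == " " and edge) or (ch == "#" and i == 0):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def escape_filter_value(value):
    """Escape a login for use inside a search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def resolve_dn(login, base_dn, user_attr=None, search_filter=None, search=None):
    """Step 1: return the user's DN, or None if it cannot be determined."""
    if search_filter is None:                      # 1a: attribute=login,base
        return "%s=%s,%s" % (user_attr, escape_dn_value(login), base_dn)
    flt = search_filter.replace("%s", escape_filter_value(login))      # 1b
    matches = search(base_dn, flt)
    return matches[0] if len(matches) == 1 else None  # none or ambiguous: fail

def authenticate(login, password, bind, **step1):
    """Step 2: bind as the user's DN. An empty password is refused first,
    because a simple bind without a password is an unauthenticated bind
    (RFC 4513) that a server may answer with success."""
    if not login or not password:
        return False
    dn = resolve_dn(login, **step1)
    return dn is not None and bind(dn, password)

# Constructed sample directory (DN -> password) and stand-in operations.
USERS = {"uid=alice,ou=people,dc=example,dc=com": "s3cret"}
BASE = "ou=people,dc=example,dc=com"

def demo_bind(dn, password):       # lenient server: empty password "succeeds"
    return password == "" or USERS.get(dn) == password

def demo_search(base_dn, flt):     # exact match on the uid only
    return [dn for dn in USERS if flt == "(uid=%s)" % dn.split(",")[0][4:]]
```

Binding as a dummy user for step 1b would happen inside whatever real function replaces `demo_search`.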
