Hello all
After a long, long night, my Squid can finally do authentication from the LDAP server.

# vi squid.conf
auth_param basic program /usr/lib/squid/ldap_auth -b "ou=paume,o=itb,c=id" -D "cn=admin,ou=paume,o=itb,c=id" -w "rahasia" -f "(uid=%s)" -h localhost

This kind of authentication matches the uid attribute and
userPassword from the data on the LDAP server. I have a question. Can I
authenticate Squid, still using the data from the LDAP server, but this
time matching not the uid and userPassword attributes, but the
uid and userCertificate attributes? Can I? If yes, then how?
FYI, I am running OpenCA, and I have successfully exported the
certificate into the LDAP server. This is the data on my LDAP server.
dn: uid=pangerankecil,ou=paume,o=ITB,c=ID
cn: Pangeran Kecil
sn: Kecil
uid: pangerankecil
mail: pangerankecil@gmail.com
ou: paume
o: ITB
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: opencaEmailAddress
objectClass: pkiUser
structuralObjectClass: inetOrgPerson
entryUUID: c1d24c14-d141-102a-8391-ae28c25d67be
creatorsName: cn=admin,ou=PAUME,o=ITB,c=ID
createTimestamp: 20060905154845Z
userCertificate;binary:: [base64 certificate data omitted]
userPassword:: e0NSWVBUfS9zRUp6T3FyZDcyeTY=
entryCSN: 20060905154930Z#000001#00#000000
modifiersName: cn=admin,ou=PAUME,o=ITB,c=ID
modifyTimestamp: 20060905154930Z
Thank you for your attention.
Best Regards
-- Zaki Akhmad
Received on Tue Sep 05 2006 - 10:49:14 MDT
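
With `-b`, `-D`, `-w` and `-f "(uid=%s)"` as in the squid.conf line above, an LDAP basic-auth helper searches for the entry and then checks the password by binding as that entry. The following is an added example of that flow, not code from the original post or from the Squid project; the in-memory directory, the sample password and all function names are constructed for illustration.

```python
# Added illustration, not the ldap_auth source. The directory below is a
# constructed in-memory stand-in so the flow runs offline.
from urllib.parse import unquote

FILTER_TEMPLATE = "(uid=%s)"  # the -f value from the squid.conf line above

# Constructed sample: search filter -> (entry DN, password the bind accepts)
FAKE_DIRECTORY = {
    "(uid=pangerankecil)": ("uid=pangerankecil,ou=paume,o=ITB,c=ID",
                            "s3cret-sample"),
}

def escape_filter_value(value):
    """RFC 4515 escaping so a login name cannot change the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(username):
    return FILTER_TEMPLATE.replace("%s", escape_filter_value(username))

def parse_helper_line(line):
    """Squid writes one 'username password' pair per line, URL-escaped."""
    parts = line.rstrip("\r\n").split(" ", 1)
    if len(parts) != 2:
        return None
    return unquote(parts[0]), unquote(parts[1])

def search_then_bind(ldap_filter, password):
    """Step 1: search (as the -D account). Step 2: bind as the entry found."""
    entry = FAKE_DIRECTORY.get(ldap_filter)
    if entry is None:
        return False
    _dn, accepted = entry
    # An empty password would be an unauthenticated bind (RFC 4513), which
    # many servers accept, so reject it before any bind attempt.
    return password != "" and password == accepted

def handle(line):
    """Return the reply the helper sends back to Squid: OK or ERR."""
    creds = parse_helper_line(line)
    if creds is None or not creds[0]:
        return "ERR"
    return "OK" if search_then_bind(build_filter(creds[0]), creds[1]) else "ERR"

if __name__ == "__main__":
    for sample in ["pangerankecil s3cret-sample", "pangerankecil ", "* x"]:
        print(repr(sample), "->", handle(sample))
```

The password never gets compared against the stored userPassword value by the helper itself; the directory server decides during the bind, which is why the check depends on what the server accepts as a credential.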