[squid-users] ldap_auth_param userCertificate

From: Zaki Akhmad <zakiakhmad@dont-contact.us>
Date: Tue, 5 Sep 2006 09:49:05 -0700

Hello all

After a long, long night, my squid can finally do authentication from the LDAP server.

# vi squid.conf
auth_param basic program /usr/lib/squid/ldap_auth -b "ou=paume,o=itb,c=id" -D "cn=admin,ou=paume,o=itb,c=id" -w "rahasia" -f "(uid=%s)" -h localhost

This kind of authentication matches the uid attribute and
userPassword against the data on the LDAP server. I have a question. Can I
authenticate squid, still using the data from the LDAP server, but this time
matching not the uid attribute and userPassword attribute, but the
uid attribute and userCertificate attribute? Can I? If yes, then how?

FYI, I am running OpenCA, and I have successfully exported the
certificate into the LDAP server. This is the data on my LDAP server.

dn: uid=pangerankecil,ou=paume,o=ITB,c=ID
cn: Pangeran Kecil
sn: Kecil
uid: pangerankecil
mail: pangerankecil@gmail.com
ou: paume
o: ITB
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: opencaEmailAddress
objectClass: pkiUser
structuralObjectClass: inetOrgPerson
entryUUID: c1d24c14-d141-102a-8391-ae28c25d67be
creatorsName: cn=admin,ou=PAUME,o=ITB,c=ID
createTimestamp: 20060905154845Z
userCertificate;binary:: [base64-encoded certificate omitted]
userPassword:: e0NSWVBUfS9zRUp6T3FyZDcyeTY=
entryCSN: 20060905154930Z#000001#00#000000
modifiersName: cn=admin,ou=PAUME,o=ITB,c=ID
modifyTimestamp: 20060905154930Z

Thank you for your attention.
Best Regards

-- 
Zaki Akhmad
Received on Tue Sep 05 2006 - 10:49:14 MDT
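
Added example, not part of the original post and not Squid's own ldap_auth source: a sketch of what a basic-auth helper configured with -f "(uid=%s)" does for each request. It assumes Squid's helper line format ("login password", each field URL-encoded, answered with OK or ERR); fake_directory, the sample lines and the password are constructed stand-ins for the real LDAP search and bind.

```python
from urllib.parse import unquote

FILTER_TEMPLATE = "(uid=%s)"  # the -f value from the squid.conf line in the post

# RFC 4515: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def build_filter(login, template=FILTER_TEMPLATE):
    """Substitute the login into the template with filter metacharacters escaped."""
    escaped = "".join(_ESCAPES.get(ch, ch) for ch in login)
    return template.replace("%s", escaped)


def parse_request(line):
    """Squid sends one 'login password' line per request, each field URL-encoded."""
    parts = line.rstrip("\r\n").split(" ")
    if len(parts) != 2:
        return None
    return unquote(parts[0]), unquote(parts[1])


def handle(line, search_and_bind):
    """Return the helper reply ('OK' or 'ERR') for one request line."""
    request = parse_request(line)
    if request is None:
        return "ERR"
    login, password = request
    # An empty password turns an LDAP simple bind into an unauthenticated bind,
    # which many servers accept, so refuse it before touching the directory.
    if not login or not password:
        return "ERR"
    return "OK" if search_and_bind(build_filter(login), password) else "ERR"


def fake_directory(ldap_filter, password):
    """Constructed stand-in for the LDAP search + bind (hypothetical, no network)."""
    return ldap_filter == "(uid=pangerankecil)" and password == "constructed-pw"


if __name__ == "__main__":
    # Constructed request lines: valid login, wildcard login, empty password.
    for sample in ["pangerankecil constructed-pw", "%2A constructed-pw", "pangerankecil "]:
        print(repr(sample), "->", handle(sample, fake_directory))
```

A login of "*" reaches the directory as the literal filter (uid=\2a), so it cannot match every entry under the search base.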
