Re: [squid-users] LDAP authentication?

From: Jaime <jaime@dont-contact.us>
Date: Thu, 7 Dec 2006 07:18:38 -0500

On Dec 4, 2006, at 9:04 PM, Henrik Nordstrom wrote:
> There is a man page for squid_ldap_auth trying to explain most uses..
> man -M /usr/local/squid/man squid_ldap_auth

        Thanks. I'll re-install during some network down time and make sure
that this stuff is installed this time. Apparently, I did not choose
the LDAP optional support in the FreeBSD port when I installed it a
while ago.

        BTW, sorry for the delayed reply. Real life got in the way and all
that...

> * Which user attribute carries the information you want to use as
> login?

        Not sure. How do I find out? (Sorry, but I use LDAP for MacOS X
authentication from MacOS X workstations to a MacOS X server.)

> * Based DN of your LDAP tree

        IIRC, its dc=dir,dc=domain,dc=tld with obvious substitutions.

> * If anonymous searches is allowed.

        Yes. I already set up SquirrelMail's address book to search the
directory and this did not require any username/password pair.

> Please ignore pam_auth. It's just a last resort thing when there is no
> other helpers available. You should only go down that path if you want
> to use the LDAP for system authentication as well.

        Ah! Thanks for the info. That is a pretty major point all by
itself. Since the proxy is supposed to be an admin-only area, PAM
was definitely the wrong way to go.

                                                        Jaime
Received on Thu Dec 07 2006 - 05:19:00 MST

This archive was generated by hypermail pre-2.1.9 : Mon Jan 01 2007 - 12:00:01 MST