On 16-06-2010 14:44, maximatt wrote:
> I try to config squid to authenticate with two ldap servers... but I
> have some issues.... so...
You can find one example in the wiki ConfigExamples:
http://wiki.squid-cache.org/ConfigExamples/Authenticate/MultipleSources
> - ¿squid_ldap_auth can resolve via dns the ldap host?
That's an interesting question.
> - ¿squid_ldap_auth support multiple ldap servers?
I don't think so.
At our company, we recently had a request to add
AD as a source of user+passwd to a configuration that was
authenticating against OpenLDAP.
Instead of using the above example, we hacked a
shell script that does something similar without the
need of an external_acl; it is not elegant and it can
quickly overload your server, but it can work:
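
    # Squid basic-auth helper: one "username password" line per request
    # on stdin, one reply line on stdout. The loop ends when Squid closes
    # stdin instead of spinning forever on a failed read.
    while read -r TOKEN; do
        U="${TOKEN%% *}"    # username, available to $somecondition
        P="${TOKEN#* }"     # password
        if $somecondition; then
            # Let squid_ldap_auth substitute the login for %s rather than
            # pasting $U into the LDAP filter from the shell.
            printf '%s\n' "$TOKEN" | /usr/lib/squid3/squid_ldap_auth -v 3 \
                -b "dc=base,dc=example,dc=org" \
                -D "cn=squid-connector,dc=base,dc=example,dc=org" \
                -w passwordA \
                -f "(&(uid=%s)(proxyAccess=TRUE))" serverA
        else
            printf '%s\n' "$TOKEN" | /usr/lib/squid3/squid_ldap_auth -v 3 -R \
                -b "dc=base,dc=example,dc=net" \
                -D "cn=squid-connector,dc=base,dc=example,dc=net" \
                -w passwordB \
                -f 'sAMAccountName=%s' serverB
        fi
    done
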
This script is working nicely. :)
You could easily adapt it to query servers in
order, try 1, if it fails, try 2 and so on.
Kind regards,
--
Felipe Augusto van de Wiel <felipe.wiel_at_hpp.org.br>
Tecnologia da Informação (TI) - Complexo Pequeno Príncipe
http://www.pequenoprincipe.org.br/ T: +55 41 3310 1747
Received on Wed Jun 16 2010 - 20:55:46 MDT
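
Added example, not part of the original message or of Squid's own helpers: the "try 1, if it fails, try 2" variant suggested at the end of the post, written as a POSIX shell helper. The function names (backend_a, backend_b, check_token, serve) and the secret-file paths are hypothetical; hosts and DNs are the placeholders used in the post.

```shell
#!/bin/sh
# Added example: try each LDAP backend in order; the first "OK" wins.
# Hosts, DNs and secret-file paths are placeholders, not real values.
HELPER=/usr/lib/squid3/squid_ldap_auth
BACKENDS="backend_a backend_b"          # hypothetical names, tried left to right

backend_a() {                           # OpenLDAP
    # -W reads the bind password from a file, keeping it out of `ps` output.
    "$HELPER" -v 3 -b "dc=base,dc=example,dc=org" \
        -D "cn=squid-connector,dc=base,dc=example,dc=org" \
        -W /etc/squid3/ldap-a.secret \
        -f "(&(uid=%s)(proxyAccess=TRUE))" serverA
}

backend_b() {                           # Active Directory
    "$HELPER" -v 3 -R -b "dc=base,dc=example,dc=net" \
        -D "cn=squid-connector,dc=base,dc=example,dc=net" \
        -W /etc/squid3/ldap-b.secret \
        -f "sAMAccountName=%s" serverB
}

# check_token "user password": prints exactly one OK or ERR line.
check_token() {
    for backend in $BACKENDS; do
        # Each backend gets the untouched token on stdin; only its first
        # reply line is inspected, and anything but OK falls through.
        reply=$(printf '%s\n' "$1" | "$backend" 2>/dev/null | head -n 1)
        case $reply in
            OK*) echo OK; return 0 ;;
        esac
    done
    echo ERR
    return 1
}

# serve: Squid helper loop, one reply per request line, ends on EOF.
serve() {
    while IFS= read -r line; do
        check_token "$line" || :
    done
}

# Run as "<script> serve" from auth_param basic program.
if [ "${1:-}" = "serve" ]; then serve; fi
```

A wrong password is tried against every backend in turn, so each failed login counts toward lockout thresholds on both directories.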