Why do you need to compile additional helpers. The standard
squid_ldap_auth and squid_ldap_group helpers work fine against the
SunONE Directory server 5.2. I have been using Squid 2.5 STABLE 5 since
January against SunONE Directory Server 5.2. Here are some snippets
from my Squid config file.
---------------------------------------------------------------
auth_param basic program /usr/lib/squid/squid_ldap_auth -h
ldap_host.your_domain.org -p ldap_port -P -b o=base_ou -f
"(|(uid=%s)(mail=%s))"
auth_param basic children 20
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 5 minute
external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -h
ldap_host.your_domain.org -p ldap_port -P -b o=base_ou -F
"(|(uid=%s)(mail=%s))" -f
"(&(cn=%g)(uniquemember=%u)(objectClass=groupOfUniqueNames))"
---------------------------------------------------------------
I recently added to the LDAP query the ability to authenticate with the
user's E-Mail address. This allowed for the distinguishing of duplicate
users in the LDAP database. JDough of sub-company-A verses JDough of
sub-company-B. The user enters their ID as
jdough@sub-company-b.your_domain.org.
Biggest things to watch for are DNS (/etc/hosts) resolution of the LDAP
host, and your understanding of the structure of your LDAP schema.
Initially I had trouble with querying the LDAP schema. I was trying to
make it too complex.
No point in chasing encryption of the LDAP binds (unless you absolutely
have to), currently none of the common browers support encryption for
proxy challenges.
Tim
-----------------------------------------------------------
Timothy E. Neto
Computer Systems Engineer Komatsu Canada Limited
Ph#: 905-625-6292 x265 1725B Sismet Road
Fax: 905-625-6348 Mississauga, Canada
E-Mail: tneto@komatsu.ca L4W 1P9
-----------------------------------------------------------
Lewars, Mitchell (EM, PTL) wrote:
>Any tips on compiling Squid with the Sun Directory Server SDK?
>
>We want to use the Auth_LDAP helper but we would like to use the Sun Directory Server SDK.
>
>Thanks
>
>Mitch
>
>
>
Received on Mon Oct 04 2004 - 07:14:19 MDT
This archive was generated by hypermail pre-2.1.9 : Mon Nov 01 2004 - 12:00:01 MST