[squid-users] Re: Compiling squid with sun LDAP SDK

Hello Bradley,

I apologize for such a delay in responding to your message. Between
work and home, I've been very busy...

As to using the SunONE SDK for interfacing LDAP data between Squid and a
SunONE Directory server, I have not deployed such a solution. Here at
Komatsu Canada Limited (KCL), I have deployed Squid using the standard
Squid LDAP authentication and group helpers to interface with a SunONE
Directory Server.

The sanitized relevant fragment of my Squid configuration I use is:
----------------------------------------------------------------------------------------
auth_param basic program /usr/lib/squid/squid_ldap_auth -h LDAP_HOST -p
LDAP_PORT -P -b o=Base_OU -f "(|(uid=%s)(mail=%s))"

auth_param basic children 20
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 5 minute

external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -h
LDAP_HOST -p LDAP_PORT -P -b o=Base_OU -F "(|(uid=%s)(mail=%s))" -f
"(&(cn=%g)(uniquemember=%u)(objectClass=groupOfUniqueNames))"
----------------------------------------------------------------------------------------

I have approximately 700 web proxy users and six transparent web portal
applications deployed through the Squid servers here at KCL. I upped
the children from the default value to 20. More agents to handle LDAP
authentication and group checks. So far, I have seen no performance
problems. The Squid servers are dual PIII 1GHz SCSI-160 machines.
Although I've learned Squid is not multi-CPU aware. :^(

Still even with using only one of the PIII processors, Squid does not
consume too much. The servers are 90% plus idle. Disk transaction is
moderate.

Hope this helps...

Tim

-----------------------------------------------------------
Timothy E. Neto
 Computer Systems Engineer Komatsu Canada Limited
 Ph#: 905-625-6292 x265 1725B Sismet Road
 Fax: 905-625-6348 Mississauga, Canada
 E-Mail: tneto@komatsu.ca L4W 1P9
-----------------------------------------------------------

BRADLEY PENDERGAST wrote:

>Hi Tim,
>
>I noticed a post the squid mailing list where you state that you have
>compiled squid successfully using the SUN SDK and are authenticating against
>SUNOne directory Server 5.2.
>
>I am struggling to accomplish this same task and hope that you can assist.
>Following are my actions to date. I am using Squid2.5 stable7 and have
>downloaded the LDAP SDK ( dsrk52-SunOS5.8_OPT.zip and
>dsrk52-SunOS5.8_DBG.zip ) from java.sun.com. I have copied a set of lib and
>includes from the SDK to /usr/local/lib and /usr/local/include.
>
>I use ./configure --enable-external-acl-helpers="ldap_group"
>--enable-auth="basic" --enable-basic-auth-helpers="LDAP"'
>
>Then run gnu make and get the following errors when the squid_ldap_auth
>section is encountered.
>
>make[2]: Entering directory
>`/opt/squid/src/squid-2.5.STABLE7/helpers/basic_auth'
>Making all in LDAP
>make[3]: Entering directory
>`/opt/squid/src/squid-2.5.STABLE7/helpers/basic_auth/LDAP'
>source='squid_ldap_auth.c' object='squid_ldap_auth.o' libtool=no \
>depfile='.deps/squid_ldap_auth.Po' tmpdepfile='.deps/squid_ldap_auth.TPo' \
>depmode=none /bin/sh ../../../cfgaux/depcomp \
>gcc -DHAVE_CONFIG_H -I. -I. -I../../../include -I../../../include -g
>-Wall -c `test -f squid_ldap_auth.c || echo './'`squid_ldap_auth.c
>squid_ldap_auth.c: In function `open_ldap_connection':
>squid_ldap_auth.c:248: `LDAP_OPT_SUCCESS' undeclared (first use in this
>function)
>squid_ldap_auth.c:248: (Each undeclared identifier is reported only once
>squid_ldap_auth.c:248: for each function it appears in.)
>squid_ldap_auth.c:253: warning: implicit declaration of function
>`ldap_start_tls_s'
>make[3]: *** [squid_ldap_auth.o] Error 1
>make[3]: Leaving directory
>`/opt/squid/src/squid-2.5.STABLE7/helpers/basic_auth/LDAP'
>make[2]: *** [all-recursive] Error 1
>make[2]: Leaving directory
>`/opt/squid/src/squid-2.5.STABLE7/helpers/basic_auth'
>make[1]: *** [all-recursive] Error 1
>make[1]: Leaving directory `/opt/squid/src/squid-2.5.STABLE7/helpers'
>make: *** [all-recursive] Error 1
>
>I e-mailed the squid mailing list and did not receive any useful replies.
>
>Are you able assist and tell me the iplanet libraries that you used and how
>you compliled squid.
>
>
>Many thanks,
>
>Brad Pendergast
>
>
>
>
>________________________________________________________
>NOTICE
>The information in this email and or any of the attachments may contain;
>a. Confidential information of Credit Union Services Corporation (Australia) Limited (CUSCAL) or third parties; and or
>b. Legally privileged information of CUSCAL or third parties; and or
>c. Copyright material of CUSCAL or third parties.
>If you are not an authorised recipient of this email, please contact CUSCAL immediately by return email or by telephone on 61-2-8299 9000 and delete the email from your system.
>We do not accept any liability in connection with computer virus, data corruption, interruption or any damage generally as a result of transmission of this email.
>
>
>
Received on Wed Feb 23 2005 - 15:01:09 MST