Squid Web Proxy Cache › Squid - Users

Multiple LDAP Servers

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

3 messages Options

mjrenziehausen

Multiple LDAP Servers

Does anyone know of a way to query multiple LDAP servers using the squid_ldap_auth? I am running 2.6STABLE9.

What I'm really looking to do is perform an LDAP look up to find a user in any one of 3 separate Windows domains.

Felipe Augusto van de Wiel

Re: Multiple LDAP Servers

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/14/2007 09:53 AM, [hidden email] wrote:
> Does anyone know of a way to query multiple LDAP servers using
> the squid_ldap_auth? I am running 2.6STABLE9.
>
> What I'm really looking to do is perform an LDAP look up to
> find a user in any one of 3 separate Windows domains.

I never tried against multiple servers, but we use a
custom shell script to authenticate our users, so you could
create a shell script and with some "if then else" you should
be able to test agains the 3 machines. Here is the line:

auth_param basic program <path-to-script>

Basically, the script need to answer using the SQUID
auth protocol (OK or ERR), you could still use ldap_auth inside
of it, just test the return or something related before test the
next server.

I hope this helps, kind regards,

- --
Felipe Augusto van de Wiel <[hidden email]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGSctvCj65ZxU4gPQRAqQvAKC/VHUWuI7XS65l+/5eg2SnBfP1+gCfauuW
qbdPr+zh6ishoDVhf1kzFsI=
=j39x
-----END PGP SIGNATURE-----

Pat Riehecky

Re: Multiple LDAP Servers

Or depending on your setup and server os you could have squid point at
pam and have pam utilize the 3 ldap servers as the back end...

The former suggestion is better in my opinion, but pam would get the job
done (while introducing the joys of winbind possibly....)

The script makes more sense but sometime utilizing code someone else
wrote is a bit safer... YMMV

Pat

On Tue, 2007-05-15 at 12:02 -0300, Felipe Augusto van de Wiel wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 05/14/2007 09:53 AM, [hidden email] wrote:
> > Does anyone know of a way to query multiple LDAP servers using
> > the squid_ldap_auth? I am running 2.6STABLE9.
> >
> > What I'm really looking to do is perform an LDAP look up to
> > find a user in any one of 3 separate Windows domains.
>
> I never tried against multiple servers, but we use a
> custom shell script to authenticate our users, so you could
> create a shell script and with some "if then else" you should
> be able to test agains the 3 machines. Here is the line:
>
> auth_param basic program <path-to-script>
>
>
> Basically, the script need to answer using the SQUID
> auth protocol (OK or ERR), you could still use ldap_auth inside
> of it, just test the return or something related before test the
> next server.
>
>
> I hope this helps, kind regards,
>
> - --
> Felipe Augusto van de Wiel <[hidden email]>
> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
> http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFGSctvCj65ZxU4gPQRAqQvAKC/VHUWuI7XS65l+/5eg2SnBfP1+gCfauuW
> qbdPr+zh6ishoDVhf1kzFsI=
> =j39x
> -----END PGP SIGNATURE-----