Re: [linux] SQUID-LDAP problem

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
Mtidalbobo at <-
Mtidalbobo at ->
Attachments:
Message as email
+ (text/plain)
+ (text/html)
Delete this message
Reply to this message
Author: tidalbobo
Date:  
To: Yajith Ajantha Dayarathna | යජිත් අජන්ත දයාරත්න
CC: linux, cse9899
Subject: Re: [linux] SQUID-LDAP problem
@යජිත්,

I tried this too
But seems like squid_ldap_group takes only username and groupname as inputs.
Also it did not allow me to give a dynamic ( as in the IP ) value for the
group

See this

external_acl_type *ldap_ip* %LOGIN /usr/lib/squid/squid_ldap_group -b
"O=XXX" -f "(&(uid=%v)(*ipAddess=%g*))" -h XXXX
acl iplocked external *ldap_ip* < here i need to pass the IP>

But How?
If there is a way to pass the IP at < here i need to pass the IP> , then i
can manage with it.
I tried %SRC, but it does not work, mabe coz it is expected at
external_acl_type declaration
What is in < here i need to pass the IP> is used to replace %g in the
filter. So if i can get the IP passed to < here i need to pass the IP> then
all should, hopefully work




2009/9/24 Yajith Ajantha Dayarathna | යජිත් අජන්ත දයාරත්න <>

> Hi,
>
> I think you can use "squid_ldap_group" module to perform some sort of
> filtering on the ldap query results to get the things you need. Just an
> idea. :)
>
> cheers!
>
> On Thu, Sep 24, 2009 at 10:02 AM, tidalbobo <> wrote:
>
>> I need some help to get squid to validate user's IP taken from an
>> (open)LDAP server.
>>
>> Basically, the LDAP server will have each users username, password and ip
>> When connecting to squid,
>>
>>    - will chec to see if user name and pass is ok against the LDAP. For
>>    this i have used

>>
>> auth_param basic program /usr/lib/squid/squid_ldap_auth -b "O=XXXXXXX" -f
>> "(&(uid=%s))" -h XXXXXXXX
>> this is ok and working nicely
>>
>>
>>    - Now, once the user is properly authenticated, i need squid to check
>>    the users IP with that stored in the LDAP, and allow only if they match.

>>
>> Any help on this?
>> Has to be done via the IP information stored in LDAP. There seems to be
>> lots of ways to validate the IP from a file (txt), but that is not what i
>> need.
>>
>> Thanks in advance
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> linux-raw mailing list
>>
>> https://secure.lug.lk/mailman/listinfo/linux-raw
>>
>
>
>
> --
> Yajith Ajantha | යජිත් අජන්ත
>
This message was posted to the following mailing lists:
GNU/Linux (Technical)
Mailing List Info | Nearby Messages		<-[linux] SQUID-LDAP problem[linux] Linux on HP-Compaq CQ61-203TX->
LK-LUG Mailing List Archive administrated by WebmasterLurker (version 2.3)