Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Mike Drummond on December 31, 2000, 12:24:21 AM

Title: SQUID & LDAP Access
Post by: Mike Drummond on December 31, 2000, 12:24:21 AM

As a linux newbie I am struggling and some pointers would be appreciated :-)

I have added the necessary RPMs to allow development on my e-smith server.  

I have sucessfully installed the e-smith SquidGuard rpm

I have downloaded and compiled  squid-2.2.STABLE5 and NCSA in order to get the NCSA authentication option for squid working.  Apart from requiring its own passwd file (won't work with /etc/passwd) it is working fine.   There are two modifications I want to make to complete the internet access controls for users.

1. Have squid use the proxy authenticated user the same way as RFC931/Ident user.

2. Control access to web sites based on the a user group as defined in LDAP?.

The online FAQ and discussion lead me to the conclusion that I wil need to patch the squid source and recompile squid 2.2.x for both these changes.

The e-smith implementation does not appear to have placed the squid files in the default locations.  Recompiling the source seems straight forward but I don't know what modifications to the paths that would be required or where to make them.  The alternative would be to move the program files from the default locations to where the e-smith server implementation requires them after compilation.

Any pointers would be appreciated.

Thanks
Mike Drummmond

Title: Re: SQUID & LDAP Access
Post by: DUBREUIL christophe on January 21, 2001, 02:57:51 AM

I find a solution to this problem : I rewrote the ldap_auth module. Now, after the authentification, it look in the group branch of the ldap tree to verify if the user is a member of the group. I can send it to you if you want. (source and binaries)
So, You just have to create a groupe and put your users in it.
Excuse my english, I'm french.

Title: Re: SQUID & LDAP Access
Post by: Mike Drummond on January 23, 2001, 11:57:05 AM

Your english is better than mine :-).

I would appreciate a copy of the binaries and source so I can look at this further.

Kind Regards

Mike Drummond
mdrum@xtra.co.nz

Title: Re: SQUID & LDAP Access
Post by: Gordon Rowell on January 23, 2001, 08:14:14 PM

DUBREUIL christophe wrote:
>
> I find a solution to this problem : I rewrote the ldap_auth
> module. Now, after the authentification, it look in the group
> branch of the ldap tree to verify if the user is a member of
> the group. I can send it to you if you want. (source and
> binaries)

We are very happy to host this on www.e-smith.org

> So, You just have to create a groupe and put your users in it.
> Excuse my english, I'm french.

No apology required.

Gordon

Title: Re: SQUID & LDAP Access
Post by: mark on January 23, 2001, 08:18:20 PM

looks like a useful feature.  can this be implemented into the next version of e-smith?