[FUG-BR] Help with squid_ldap_auth

Ricardo Souza ricardo.souza at ti.cmtsp.com.br
Monday December 28 11:19:10 BRST 2009


I got it working.

external_acl_type ldap_group children=30 %LOGIN /usr/local/libexec/squid/squid_ldap_group -v 3 -R -b "DC=autopass" -D "cn=squid,ou=Internet,DC=autopass" -w "mypass" -f "(&(objectclass=person) (sAMAccountName=%v) (memberof=cn=%a,ou=Internet,dc=autopass))" -h 192.168.9.12 -p 389


Now I'm struggling to allow some sites for a specific group.

# Standard Access group
acl ldapAcessoPadrao external ldap_group AcessoPadrao

# ACL with the sites allowed for Standard Access
acl acesso_padrao dstdomain -i "/usr/local/squid/sites_acesso_padrao"

http_access allow ldapAcessoPadrao acesso_padrao

Does anyone have a suggestion?



2009/12/19 Giancarlo Rubio <gianrubio at gmail.com>:
> It will never work like that; replace the %v and %a variables.
> Get it working with the ldapsearch filter and then swap it into your squid_ldap.
>
> 2009/12/19 Ricardo Souza <ricardo.souza at ti.cmtsp.com.br>
>
>> caos# ldapsearch -b "CN=squid,OU=Internet,DC=AUTOPASS" -D
>> "CN=squid,OU=Internet,DC=AUTOPASS" -w "nypass" -h 192.168.9.12:389
>>
>> "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=Internet,dc=autopass))"
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <CN=squid,OU=Internet,DC=AUTOPASS> with scope subtree
>> # filter:
>> (&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=Internet,dc=autopass))
>> # requesting: ALL
>> #
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 1
>> caos#
>>
>>
>> 2009/12/19 Giancarlo Rubio <gianrubio at gmail.com>:
>> > And with the filter below, does it work in ldapsearch??
>> >
>> > "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=Internet,dc=autopass))"
>> >
>> >
>> > 2009/12/19 Ricardo Souza <ricardo.souza at ti.cmtsp.com.br>
>> >
>> >> I tested with ldapsearch like this.
>> >> The damn syntax is different.
>> >>
>> >>
>> >> ldapsearch -b "CN=squid,OU=Internet,DC=AUTOPASS" -D
>> >> "CN=squid,OU=Internet,DC=AUTOPASS" -w "mypass" -h 192.168.9.12:389
>> >> # extended LDIF
>> >> #
>> >> # LDAPv3
>> >> # base <CN=squid,OU=Internet,DC=AUTOPASS> with scope subtree
>> >> # filter: (objectclass=*)
>> >> # requesting: ALL
>> >> #
>> >>
>> >> # squid, Internet, AUTOPASS
>> >> dn: CN=squid,OU=Internet,DC=AUTOPASS
>> >> objectClass: top
>> >> objectClass: person
>> >> objectClass: organizationalPerson
>> >> objectClass: user
>> >> cn: squid
>> >> givenName: squid
>> >> distinguishedName: CN=squid,OU=Internet,DC=AUTOPASS
>> >> instanceType: 4
>> >> whenCreated: 20091218193058.0Z
>> >> whenChanged: 20091218193212.0Z
>> >>
>> >>
>> >>
>> >>
>> >> caos# /usr/local/libexec/squid/squid_ldap_group -b
>> >> "CN=squid,OU=Internet,DC=AUTOPASS" -D
>> >> "CN=squid,OU=Internet,DC=AUTOPASS" -w "squid123qwe" -h
>> >> 192.168.9.12:389 -f
>> >> "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=Internet,dc=autopass))"
>> >> -B "DC=AUTOPASS"
>> >> squid squid123qwe
>> >> ERR
>> >>
>> >>
>> >>
>> >>
>> >> 2009/12/19 Giancarlo Rubio <gianrubio at gmail.com>:
>> >> > 2009/12/19 Ricardo Souza <ricardo.souza at ti.cmtsp.com.br>
>> >> >
>> >> >> Does anyone here use squid_ldap_group to query an AD on Windows 2008?
>> >> >>
>> >> >> The squid user is in
>> >> >> Ou=Internet,DC=AUTOPASS.
>> >> >> I can't get the query to work.
>> >> >>
>> >> >>
>> >> >> caos# /usr/local/libexec/squid/squid_ldap_group -b
>> >> >> "CN=squid,OU=Internet,DC=autopass" -D
>> >> >> "cn=squid,ou=internet,dc=autopass" -w "mypass" -f '(&(uid=%u))' -h
>> >> >> 192.168.9.12 -p 389 -v3
>> >> >> squid mypass
>> >> >> ERR
>> >> >>
>> >> >
>> >> > I don't use it, but one tip would be to try getting the filter working with
>> >> > ldapsearch and then implement it using squid_ldap_auth.
>> >> >
>> >> >
>> >> > --
>> >> > Giancarlo Rubio
>> >> > -------------------------
>> >> > History: http://www.fug.com.br/historico/html/freebsd/
>> >> > Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
>> >> >
>> >>
>> >
>> >
>> >
>> > --
>> > Giancarlo Rubio
>> >
>>
>
>
>
> --
> Giancarlo Rubio
>
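
Added example, not part of the original thread and not Squid's own code: ldapsearch does not expand %v and %a, so to test the helper's filter by hand the placeholders have to be filled in first, with the values escaped for use in an LDAP filter. It assumes %v/%u stand for the login and %a/%g for the group name, as in the squid_ldap_group documentation; the login "ricardo" is a constructed sample.

```python
import re
import shlex

# RFC 4515: characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
# The group name lands inside a DN (memberof=cn=%a,...); these are special there.
_DN_SPECIALS = set(',+"\\<>;')


def escape_filter_value(value):
    """Escape a value so it cannot change the structure of the search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template, user, group):
    """Fill %v/%u with the login and %a/%g with the group name.

    Assumption: placeholder meaning as documented for squid_ldap_group;
    this is an illustration, not the helper's actual code.
    """
    if _DN_SPECIALS & set(group):
        raise ValueError("group name contains DN special characters: %r" % group)
    values = {"v": user, "u": user, "a": group, "g": group}
    return re.sub(r"%([vuag])",
                  lambda m: escape_filter_value(values[m.group(1)]),
                  template)


def ldapsearch_argv(host, bind_dn, base, ldap_filter):
    """Build an ldapsearch command line; -W prompts for the bind password."""
    return ["ldapsearch", "-x", "-H", "ldap://%s" % host, "-D", bind_dn,
            "-W", "-b", base, ldap_filter, "dn"]


# Filter, base, bind DN and host as posted in the thread.
TEMPLATE = ("(&(objectclass=person)(sAMAccountName=%v)"
            "(memberof=cn=%a,ou=Internet,dc=autopass))")

if __name__ == "__main__":
    flt = expand_filter(TEMPLATE, "ricardo", "AcessoPadrao")
    print(shlex.join(ldapsearch_argv("192.168.9.12:389",
                                     "cn=squid,ou=Internet,DC=autopass",
                                     "DC=autopass", flt)))
```

If the printed command returns the user's entry, the same filter template should match inside squid_ldap_group; an empty result points at the filter or the base rather than at Squid.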

