[debian-edu-commits] [Debian Wiki] Update of "DebianEdu/HowTo/Squid_LDAP_Authentication" by DashamirHoxha
Debian Wiki
wiki at debian.org
Sat Oct 15 11:48:46 BST 2022
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Debian Wiki" for change notification.
The "DebianEdu/HowTo/Squid_LDAP_Authentication" page has been changed by DashamirHoxha:
https://wiki.debian.org/DebianEdu/HowTo/Squid_LDAP_Authentication?action=diff&rev1=7&rev2=8
Comment:
Tried to update the names of the squid tools (basic_ldap_auth and ext_ldap_group_acl).
## page was renamed from DebianEdu/Squid LDAP Authentication
Brief instructions on how to get Squid to authenticate against your Debian-Edu LDAP database. This will get Squid (the web proxy server) to prompt users for the username and password they have in the skolelinux/debian-edu LDAP database.
- In /etc/squid/squid.conf:
+ In /etc/squid/conf.d/debian-edu-ldap-auth.conf:
1. Set up general authentication of users via ldap_auth.
{{{#! TAG: auth_param
- auth_param basic program /usr/lib/squid/ldap_auth -ZZ -b "ou=People,dc=skole,dc=skolelinux,dc=no" ldap
+ auth_param basic program /usr/lib/squid/basic_ldap_auth -ZZ -b "ou=People,dc=skole,dc=skolelinux,dc=no" ldap
auth_param basic children 30
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 1 hours}}}
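Review bot: The step 1 sentence still says "via ldap_auth" while the auth_param line below it now calls basic_ldap_auth; rename the helper in the sentence too so the text and the command agree. Because the settings move from /etc/squid/squid.conf to /etc/squid/conf.d/debian-edu-ldap-auth.conf, the page should also state that this file only takes effect when squid.conf includes the conf.d directory.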
@@ -16, +16 @@
2. Now that you can authenticate the users, tell it how to check that authenticated users are in a chosen group using squid_ldap_group.
{{{#! TAG: external_acl_type
- external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -ZZ -b "ou=Group,dc=skole,dc=skolelinux,dc=no" -f "(&(objectclass=posixGroup)(cn=%a)(member=%v))" -B "ou=People,dc=skole,dc=skolelinux,dc=no" -F uid="%s" ldap}}}
+ external_acl_type ldap_group %LOGIN /usr/lib/squid/ext_ldap_group_acl -ZZ -b "ou=Group,dc=skole,dc=skolelinux,dc=no" -f "(&(objectclass=posixGroup)(cn=%a)(member=%v))" -B "ou=People,dc=skole,dc=skolelinux,dc=no" -F uid="%s" ldap}}}
3. Create an acl (access control list) requiring first authentication and then the group check. The word "teachers" corresponds to a unix group and several can be placed here.
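Review bot: The step 2 sentence still ends with "using squid_ldap_group" although the external_acl_type line now runs ext_ldap_group_acl; update the name in the sentence as well. The commit comment says the names were only "tried", so it is worth confirming on a current install that the renamed helper accepts the unchanged -f filter with %a and %v, and the -B and -F options, before relying on this revision.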
@@ -57, +57 @@
or nothing at all things are not working. eg
{{{
- gavinm at tjener > /usr/lib/squid/ldap_auth -ZZ -b "ou=People,dc=skole,dc=skolelinux,dc=no" ldap
+ gavinm at tjener > /usr/lib/squid/basic_ldap_auth -ZZ -b "ou=People,dc=skole,dc=skolelinux,dc=no" ldap
gavinm <mypassword>
OK
- gavinm at tjener > /usr/lib/squid/squid_ldap_group -ZZ -b "ou=Group,dc=skole,dc=skolelinux,dc=no" -f "(&(objectclass=posixGroup)(cn=%a)(member=%v))" -B "ou=People,dc=skole,dc=skolelinux,dc=no" -F uid="%s" ldap
+ gavinm at tjener > /usr/lib/squid/ext_ldap_group_acl -ZZ -b "ou=Group,dc=skole,dc=skolelinux,dc=no" -f "(&(objectclass=posixGroup)(cn=%a)(member=%v))" -B "ou=People,dc=skole,dc=skolelinux,dc=no" -F uid="%s" ldap
gavinm teachers
OK}}}
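Review bot: The sample session types "gavinm <mypassword>" straight into the helper's input, where it is visible on the terminal; add a line recommending a dedicated test account for this check rather than a real user's password. The sentence that introduces the example ("or nothing at all things are not working. eg") also needs punctuation to be readable, for instance "or nothing at all, things are not working, e.g.".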