Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"

squid_ldap_auth



SYNOPSIS

       squid_ldap_auth  -b  "base  DN"  [-u  attribute] [options]
       [ldap_server_name[:port]]...]

       squid_ldap_auth -b  "base  DN"  -f  "LDAP  search  filter"
       [options] [ldap_server_name[:port]...]


DESCRIPTION

       This helper allows Squid to connect to an LDAP directory to
       validate the user name and password of Basic HTTP
       authentication.

       The  program  has  two  major  modes  of operation. In the
       default mode of operation the  user's  DN  is  constructed
       using the base DN and user attribute. In the other mode of
       operation a search filter is used  to  locate  valid  user
       DNs below the base DN.

       -b basedn (REQUIRED)
              Specifies  the  base  DN  under which the users are
              located.

       -f filter
              LDAP search filter to locate the user DN.  Required
              if  the users are in a hierarchy below the base DN,
              or if the login name is not what  builds  the  user
              specific part of the user's DN.

              The  search filter can contain up to 15 occurrences
              of %s which will be replaced by the username, as in
              "uid=%s"  for  RFC2037  directories. For a detailed
              description  of  LDAP  search  filter  syntax   see
              RFC2254.

       -u userattr
              Specifies  the  name  of the DN attribute that
              contains the username/login.  Combined with  the  base
              DN  to construct the user's DN when no search filter
              is specified (-f option). Defaults to 'uid'.

              Note: This can only be done if all your  users  are
              located  directly  under  the  same position in the
              LDAP tree and the login name  is  used  for  naming
              each  user object. If your LDAP tree does not match
              these criteria or if you want to filter who are
              valid users then you need to use a search filter to
              search for your user's DN (-f option).

       -s base|one|sub
              Search scope when performing user DN searches
              specified by the -f option. Defaults to 'sub'.


       -D binddn -W secretfile
              The  DN and the name of a file containing the
              password to bind as while performing searches.

              Less insecure version of the former parameter  pair
              with two advantages: The password does not occur in
              the process listing, and the password is not
              compromised if someone gets the squid configuration
              file without getting the secretfile.

       -P     Use a persistent LDAP connection. Normally the LDAP
              connection is only open while validating a username
              to preserve resources  at  the  LDAP  server.  This
              option  causes the LDAP connection to be kept open,
              allowing it to be reused for further  user
              validations. Recommended for larger installations.

       -R     Do not follow referrals.

       -a never|always|search|find
              When to dereference aliases. Defaults to 'never'.

              never  dereference aliases (default), always
              dereference aliases, only while  searching  or  only  to
              find the base object

       -H ldapuri
              Specify  the  LDAP server to connect to by LDAP URI
              (requires OpenLDAP libraries)

       -h ldapserver
              Specify the LDAP server to connect to

       -p ldapport
              Specify an alternate TCP port where the ldap server
              is  listening  if  other than the default LDAP port
              389.

       -Z     Use TLS encryption

       -S certpath
              Enable LDAP over SSL (requires  Netscape  LDAP  API
              libraries)

       -c connect_timeout
              Specify   timeout  used  when  connecting  to  LDAP
              servers (requires Netscape LDAP API libraries)

       -t search_timeout
              Specify time limit on LDAP search operations

              ldapserver

       And  similarly  if  you only want to allow access to users
       having a specific attribute

              squid_ldap_auth     -b     dc=your,dc=domain     -f
              (&(uid=%s)(specialattribute=value)) ldapserver

       Or if the user attribute of the user DN is "cn" instead of
       "uid" and you do not want to have to search for the  users
       then  you  could  use something like the following example
       for Active Directory:

              squid_ldap_auth -u cn -b cn=Users,dc=your,dc=domain
              ldapserver

       If  you  want to search for the user DN and your directory
       does not allow anonymous searches then you must  also  use
       the  -D  and -w flags to specify a user DN and password to
       log in as to perform the searches,  as  in  the  following
       complex Active Directory example:

              squid_ldap_auth   -P  -R  -b  dc=your,dc=domain  -D
              cn=squid,cn=users,dc=your,dc=domain -w secretsquidpassword
              -f (&(userPrincipalName=%s)(objectClass=Person))
              activedirectoryserver


NOTES

       When constructing search filters  it  is  strongly
       recommended  to  test  the  filter  using ldapsearch before you
       attempt to use squid_ldap_auth. This verifies  that  the
       filter matches what you expect.


AUTHOR

       This   manual   page   was  written  by  Henrik  Nordstrom
       <hno@squid-cache.org>

       squid_ldap_auth  is  written  by   Glenn   Newton
       <gnewton@wapiti.cisti.nrc.ca>  and Henrik Nordstrom
       <hno@squid-cache.org>


KNOWN ISSUES

       Will crash if % values other than %s are used in -f, or if
       more than 15 %s are used.
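
       A pre-flight check covering the NOTES and KNOWN ISSUES sections,
       added here as an example and not part of the Squid distribution:
       it rejects a -f template that uses % other than as %s or holds
       more than 15 %s, then prints the ldapsearch command for testing
       the expanded filter. The function names, the login jdoe and the
       ldap://ldapserver URI are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for a squid_ldap_auth -f filter template.
# Function names are illustrative; "ldapserver" and "jdoe" are sample values.

MAX_SUBST=15    # limit on %s occurrences stated under KNOWN ISSUES

# count_subst TEMPLATE: print how many times %s occurs
count_subst() {
    printf '%s' "$1" | awk '{ n += gsub(/%s/, "") } END { print n + 0 }'
}

# check_filter_template TEMPLATE: return 0 if the helper can take it, else 1
check_filter_template() {
    # Strip every %s; any % still present is some other conversion
    rest=$(printf '%s' "$1" | sed 's/%s//g')
    case $rest in
        *%*) echo "reject: % used other than as %s" >&2; return 1 ;;
    esac
    n=$(count_subst "$1")
    if [ "$n" -gt "$MAX_SUBST" ]; then
        echo "reject: $n occurrences of %s (limit $MAX_SUBST)" >&2
        return 1
    fi
    return 0
}

# expand_filter TEMPLATE LOGIN: print the filter with every %s replaced
expand_filter() {
    tmpl=$1; out=
    while :; do
        case $tmpl in
            *%s*) out=$out${tmpl%%"%s"*}$2; tmpl=${tmpl#*"%s"} ;;
            *)    out=$out$tmpl; break ;;
        esac
    done
    printf '%s\n' "$out"
}

# preview_search BASE SCOPE TEMPLATE LOGIN: print the ldapsearch command to
# run by hand (-x simple bind, 1.1 = return entry DNs without attributes)
preview_search() {
    check_filter_template "$3" || return 1
    printf "ldapsearch -x -H ldap://ldapserver -b '%s' -s %s '%s' 1.1\n" \
        "$1" "$2" "$(expand_filter "$3" "$4")"
}

preview_search 'dc=your,dc=domain' sub '(&(uid=%s)(specialattribute=value))' jdoe
check_filter_template '(uid=%d)' || echo "template rejected before reaching Squid"
```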


QUESTIONS

       Any  questions on usage can be sent to Squid Users
       <squid-users@squid-cache.org>,   or   to   your   favorite   LDAP
       list/friend  if  the question is more related to LDAP than
       Squid.


REPORTING BUGS

