[debian-edu-commits] [Debian Wiki] Update of "DebianEdu/HowTo/Squid_LDAP_Authentication" by DashamirHoxha

Debian Wiki wiki at debian.org
Sat Oct 15 11:48:46 BST 2022


Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Debian Wiki" for change notification.

The "DebianEdu/HowTo/Squid_LDAP_Authentication" page has been changed by DashamirHoxha:
https://wiki.debian.org/DebianEdu/HowTo/Squid_LDAP_Authentication?action=diff&rev1=7&rev2=8

Comment:
Tried to update the names of the squid tools (basic_ldap_auth and ext_ldap_group_acl).

  ## page was renamed from DebianEdu/Squid LDAP Authentication
  Brief instructions on how to get Squid to authenticate against your Debian-Edu LDAP database.  This will get Squid (the web proxy server) to prompt users for the username and password they have in the skolelinux/debian-edu LDAP database.
  
- In /etc/squid/squid.conf:
+ In /etc/squid/conf.d/debian-edu-ldap-auth.conf:
  
  1. Set up general authentication of users via ldap_auth.
  
  {{{#!  TAG: auth_param
- auth_param basic program /usr/lib/squid/ldap_auth -ZZ -b "ou=People,dc=skole,dc=skolelinux,dc=no" ldap
+ auth_param basic program /usr/lib/squid/basic_ldap_auth -ZZ -b "ou=People,dc=skole,dc=skolelinux,dc=no" ldap
  auth_param basic children 30
  auth_param basic realm Squid proxy-caching web server
  auth_param basic credentialsttl 1 hours}}}
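Review bot: Step 1's unchanged context line still reads "Set up general authentication of users via ldap_auth." while the auth_param line under it now calls /usr/lib/squid/basic_ldap_auth; update the prose to the new helper name so the text and the command agree. Because the instructions now point at /etc/squid/conf.d/debian-edu-ldap-auth.conf rather than squid.conf, it would also help to state that this file must be included by the main configuration, which the visible text does not mention.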
@@ -16, +16 @@

  2. Now that you can authenticate the users, tell it how to check that authenticated users are in a chosen group using squid_ldap_group.
  
  {{{#!  TAG: external_acl_type
- external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -ZZ -b "ou=Group,dc=skole,dc=skolelinux,dc=no" -f "(&(objectclass=posixGroup)(cn=%a)(member=%v))" -B "ou=People,dc=skole,dc=skolelinux,dc=no" -F uid="%s" ldap}}}
+ external_acl_type ldap_group %LOGIN /usr/lib/squid/ext_ldap_group_acl -ZZ -b "ou=Group,dc=skole,dc=skolelinux,dc=no" -f "(&(objectclass=posixGroup)(cn=%a)(member=%v))" -B "ou=People,dc=skole,dc=skolelinux,dc=no" -F uid="%s" ldap}}}
  
  3. Create an acl (access control list) requiring first authentication and then the group check.  The word "teachers" corresponds to a unix group and several can be placed here.
  
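Review bot: The step 2 sentence still ends with "using squid_ldap_group", but the external_acl_type line now runs /usr/lib/squid/ext_ldap_group_acl; rename the helper in the prose as well. The ACL type name ldap_group and the -b, -f, -B and -F arguments are identical on both sides of the change, so a short remark that only the binary name differs would help readers who are migrating an existing configuration.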
@@ -57, +57 @@

  or nothing at all things are not working. eg
  
  {{{
- gavinm at tjener > /usr/lib/squid/ldap_auth -ZZ -b "ou=People,dc=skole,dc=skolelinux,dc=no" ldap
+ gavinm at tjener > /usr/lib/squid/basic_ldap_auth -ZZ -b "ou=People,dc=skole,dc=skolelinux,dc=no" ldap
  gavinm <mypassword>
  OK
  
- gavinm at tjener > /usr/lib/squid/squid_ldap_group -ZZ -b "ou=Group,dc=skole,dc=skolelinux,dc=no" -f "(&(objectclass=posixGroup)(cn=%a)(member=%v))" -B "ou=People,dc=skole,dc=skolelinux,dc=no" -F uid="%s" ldap
+ gavinm at tjener > /usr/lib/squid/ext_ldap_group_acl -ZZ -b "ou=Group,dc=skole,dc=skolelinux,dc=no" -f "(&(objectclass=posixGroup)(cn=%a)(member=%v))" -B "ou=People,dc=skole,dc=skolelinux,dc=no" -F uid="%s" ldap
  gavinm teachers
  OK}}}
  
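Review bot: Both prompts in this sample session now show the renamed helpers answering OK, yet the change comment says the names were only "tried", so the two commands should be re-run with basic_ldap_auth and ext_ldap_group_acl and the output pasted from that run. In the same revision, the context line "or nothing at all things are not working. eg" is missing a word and could be corrected.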


