[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

squid authentication / skolelinux ldap docs


I'm not sure if others are already doing this but I need to set up squid to
only allow authenticated users.  I haven't come across a document detailing
this for Skolelinux so I will write it when I'm done.  I am at a slight
disadvantage in that I'm planning it without a Skolelinux server nearby to
check things on.

As far as I can see, this really has to be done on a machine to which
ordinary users don't have logins.  We currently use a combined main and
thin client server and for squid to work on it that machine must have
web/ftp access.  However, if it has that access, people logged in can just
use the access directly without the proxy.  So I have a separate machine
set up but I'd like squid to use tjener for passwords.  In particular, I'd
like to authenticate users as members of groups (eg Teachers).

Depending on what I consult, the answer varies a little but I think I'll be
able to pull the bits I need together:

 - Debian doc /usr/share/doc/squid/README.auth_module.ldap_auth.gz
 - Squid WIKI <http://workaround.org/squid/wiki/LdapAuthentication>
 - LDAP tutorial <http://quark.humbug.org.au/publications/ldap/ldap_tut.html>

Can someone point me to a doc detailing the Skolelinux LDAP naming/layout?
I'm not too experienced with LDAP and need to construct the correct
searchbase.  I also can't see the Skolelinux LDAP config files right now so
it's hard to tell.  My guess is that I need something like this:

authenticate_program /usr/lib/squid/squid_ldap_auth -b ou=Teachers,dc=tjener,dc=intern tjener.intern


acl authenticated proxy_auth REQUIRED
http_access allow authenticated

What is the correct dc, etc?


Reply to: