squid authentication / skolelinux ldap docs
I'm not sure if others are already doing this but I need to set up squid to
only allow authenticated users. I haven't come across a document detailing
this for Skolelinux so I will write it when I'm done. I am at a slight
disadvantage in that I'm planning it without a Skolelinux server nearby to
check things on.
As far as I can see, this really has to be done on a machine to which
ordinary users don't have logins. We currently use a combined main and
thin client server and for squid to work on it that machine must have
web/ftp access. However, if it has that access, people logged in can just
use the access directly without the proxy. So I have a separate machine
set up but I'd like squid to use tjener for passwords. In particular, I'd
like to authenticate users as members of groups (eg Teachers).
Depending on what I consult, the answer varies a little but I think I'll be
able to pull the bits I need together:
- Debian doc /usr/share/doc/squid/README.auth_module.ldap_auth.gz
- Squid WIKI <http://workaround.org/squid/wiki/LdapAuthentication>
- LDAP tutorial <http://quark.humbug.org.au/publications/ldap/ldap_tut.html>
Can someone point me to a doc detailing the Skolelinux LDAP naming/layout?
I'm not too experienced with LDAP and need to construct the correct
searchbase. I also can't see the Skolelinux LDAP config files right now so
it's hard to tell. My guess is that I need something like this:
authenticate_program /usr/lib/squid/squid_ldap_auth -b ou=Teachers,dc=tjener,dc=intern tjener.intern
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
What is the correct dc, etc?