Need help with squid package customization
-
Hi,
Could someone point me in the right direction, please?
There is no way to specify ldap protocol version in squid auth settings.
I am trying to modify squid_auth to get -v 3 and customize objectClass search from cn to uid:
auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -b ou=my,dc=super,dc=net -v 3 -f "(&(objectClass=person)(uid=%s))" -u cn -P myserver
I managed to add ldap version field in /usr/local/pkg/squid_auth.xml but I need to know how to pass (write) value from this field to actual /usr/local/etc/squid/squid.conf config file.
Thank you.
-
Disregard, I think I found it in squid.inc…
Anyway, it would be nice to have ldap filter and ldap version included in the next version of the package. Thanks.
-
The auth portion of squid isn't really rolling yet. If you got it working, though, I'm sure the devs wouldn't mind you sending the diffs for it.
-
I hope this helps a bit.
--- squid_auth.xml Wed Mar 21 09:20:40 2007 +++ squid_auth.xml Wed Mar 21 09:22:51 2007 @@ -52,6 +52,17 @@ <onchange>on_auth_method_changed()</onchange> <field>+ <fieldname>ldap_version</fieldname> + <fielddescr>LDAP version</fielddescr> + <description>Enter LDAP protocol version (2 or 3).</description> + <default_value>2</default_value> + <type>select</type> + <options>+ <option><name>2</name><value>2</value></option> + <option><name>3</name><value>3</value></option> +</options> +</field> + <field><fieldname>auth_server</fieldname> <fielddescr>Authentication server</fielddescr> <description>Enter here the IP or hostname of the server that will perform the authentication.</description> @@ -73,7 +84,7 @@ <size>60</size></field> <field>- <fieldname>ldap_password</fieldname> + <fieldname>ldap_pass</fieldname> <fielddescr>LDAP password</fielddescr> <description>Enter here the password to use to connect to the LDAP server.</description> <type>password</type> @@ -83,6 +94,14 @@ <fieldname>ldap_basedomain</fieldname> <fielddescr>LDAP base domain</fielddescr> <description>For LDAP authentication, enter here the base domain in the LDAP server.</description> + <type>input</type> + <size>60</size> +</field> + <field>+ <fieldname>ldap_filter</fieldname> + <fielddescr>LDAP search filter</fielddescr> + <default_value>(&(objectClass=person)(uid=%s))</default_value> + <description>Enter LDAP search filter.</description> <type>input</type> <size>60</size></field>
--- squid.inc Wed Mar 21 09:20:29 2007 +++ squid.inc Wed Mar 21 09:22:44 2007 @@ -781,7 +781,7 @@ case 'ldap': $port = (isset($settings['auth_port']) ? ":{$settings['auth_port']}" : ''); $password = (isset($settings['ldap_pass']) ? "-w {$settings['ldap_pass']}" : ''); - $conf .= "auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -b {$settings['ldap_basedomain']} -D {$settings['ldap_user']} $password -f \"(&(objectClass=person)(cn=%s))\" -u cn -P {$settings['auth_server']}$port\n"; + $conf .= "auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v {$settings['ldap_version']} -b {$settings['ldap_basedomain']} -D {$settings['ldap_user']} $password -f \"{$settings['ldap_filter']}\" -u uid -P {$settings['auth_server']}$port\n"; break; case 'radius': $port = (isset($settings['auth_port']) ? "-p {$settings['auth_server_port']}" : ''); @@ -891,6 +891,8 @@ document.iform.auth_server.disabled = 1; document.iform.auth_server_port.disabled = 1; document.iform.ldap_user.disabled = 1; + document.iform.ldap_version.disabled = 1; + document.iform.ldap_filter.disabled = 1; document.iform.ldap_password.disabled = 1; document.iform.ldap_basedomain.disabled = 1; document.iform.radius_secret.disabled = 1; @@ -918,6 +920,8 @@ document.iform.auth_server.disabled = 1; document.iform.auth_server_port.disabled = 1; document.iform.ldap_user.disabled = 1; + document.iform.ldap_version.disabled = 1; + document.iform.ldap_filter.disabled = 1; document.iform.ldap_password.disabled = 1; document.iform.ldap_basedomain.disabled = 1; document.iform.radius_secret.disabled = 1; @@ -942,6 +946,8 @@ document.iform.auth_server_port.disabled = 1; document.iform.ldap_user.disabled = 1; document.iform.ldap_password.disabled = 1; + document.iform.ldap_version.disabled = 1; + document.iform.ldap_filter.disabled = 1; document.iform.ldap_basedomain.disabled = 1; document.iform.radius_secret.disabled = 1; document.iform.msnt_secondary.disabled = 1; 
@@ -951,6 +957,8 @@ document.iform.auth_server_port.disabled = 0; document.iform.ldap_user.disabled = 0; document.iform.ldap_password.disabled = 0; + document.iform.ldap_version.disabled = 0; + document.iform.ldap_filter.disabled = 0; document.iform.ldap_basedomain.disabled = 0; document.iform.radius_secret.disabled = 1; document.iform.msnt_secondary.disabled = 1; @@ -960,6 +968,8 @@ document.iform.auth_server_port.disabled = 0; document.iform.ldap_user.disabled = 1; document.iform.ldap_password.disabled = 1; + document.iform.ldap_version.disabled = 1; + document.iform.ldap_filter.disabled = 1; document.iform.ldap_basedomain.disabled = 1; document.iform.radius_secret.disabled = 0; document.iform.msnt_secondary.disabled = 1; @@ -969,6 +979,8 @@ document.iform.auth_server_port.disabled = 1; document.iform.ldap_user.disabled = 1; document.iform.ldap_password.disabled = 1; + document.iform.ldap_version.disabled = 1; + document.iform.ldap_filter.disabled = 1; document.iform.ldap_basedomain.disabled = 1; document.iform.radius_secret.disabled = 1; document.iform.msnt_secondary.disabled = 0;
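Review bot: The rename of `ldap_password` to `ldap_pass` in squid_auth.xml (hunk @@ -73,7 +84,7 @@) is not carried through to the JavaScript in squid.inc, where every branch shown still sets `document.iform.ldap_password.disabled`. If the form element takes its name from the fieldname, those statements will reference a missing element and the script will stop at that line, so the lines after it (including some of the new `ldap_version` and `ldap_filter` toggles) never run. Either update the JavaScript references to `ldap_pass` in the same patch, or keep the field name and change the `$settings['ldap_pass']` lookup instead. A password already saved under the old key will also no longer be read, which deserves a line in the commit message.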
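Review bot: The `<default_value>` added for `ldap_filter` in squid_auth.xml (hunk @@ -83,6 +94,14 @@) contains a bare `&`, which is not well-formed XML; it should be written as `(&amp;(objectClass=person)(uid=%s))` so the package file still parses. The `<description>` would also be more useful if it said that `%s` is replaced with the login name, since that is what an administrator editing the filter needs to know.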
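Review bot: In the squid.inc hunk @@ -781,7 +781,7 @@, `$settings['ldap_version']` and `$settings['ldap_filter']` are interpolated into the `auth_param` line with no `isset()` check, default or validation, unlike `auth_port` and `ldap_pass` just above. A configuration saved before this change has neither key, so the helper is started with `-v ` followed by nothing and `-f ""`. A filter value containing a double quote or a newline closes the quoted argument and can add helper arguments or extra directives to squid.conf. Suggest restricting the version to 2 or 3, falling back to the previous filter when the field is empty, and rejecting quotes and line breaks in the filter before writing it. The same line also changes `-u cn` to a hard-coded `-u uid`, which alters behaviour for existing cn-based setups; that attribute would be better exposed as a field with `cn` as its default.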
-
Thanks, committed!
-
nice work, a lot of people have been looking for LDAP support, I'm sure this will be appreciated