    Need help with squid package customization

    • T
      tdi last edited by

      Hi,
      Could someone point me in the right direction, please?
      There is no way to specify the LDAP protocol version in the squid auth settings.
      I am trying to modify squid_auth to get -v 3 and customize the objectClass search from cn to uid:

      auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -b ou=my,dc=super,dc=net -v 3 -f "(&(objectClass=person)(uid=%s))" -u cn -P myserver

      I managed to add an LDAP version field in /usr/local/pkg/squid_auth.xml, but I need to know how to pass (write) the value from this field to the actual /usr/local/etc/squid/squid.conf config file.

      Thank you.

      • T
        tdi last edited by

        Disregard, I think I found it in squid.inc…
        Anyway, it would be nice to have the LDAP filter and LDAP version included in the next version of the package.

        Thanks.

        • J
          Justinw last edited by

          The auth portion of squid isn't really rolling yet. If you got it working, though, I'm sure the devs wouldn't mind you sending the diffs for it.

          • T
            tdi last edited by

            I hope this helps a bit.

            
            --- squid_auth.xml	Wed Mar 21 09:20:40 2007
            +++ squid_auth.xml	Wed Mar 21 09:22:51 2007
            @@ -52,6 +52,17 @@
             			<onchange>on_auth_method_changed()</onchange>
            
             		 <field>+			<fieldname>ldap_version</fieldname>
            +			<fielddescr>LDAP version</fielddescr>
            +			<description>Enter LDAP protocol version (2 or 3).</description>
            +			<default_value>2</default_value>
            +			<type>select</type>
            +			 <options>+			<option><name>2</name><value>2</value></option>
            +			<option><name>3</name><value>3</value></option>
            +</options> 
            +</field> 
            +		 <field><fieldname>auth_server</fieldname>
             			<fielddescr>Authentication server</fielddescr>
             			<description>Enter here the IP or hostname of the server that will perform the authentication.</description>
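
            Review bot: The new ldap_version field defaults to 2 (default_value 2), and its description says "Enter" although the type is select. LDAPv2 was moved to Historic status by RFC 3494, so 3 is the better default for new installs; if 2 is kept for compatibility with the previous command line, which passed no -v at all, say so in the description, and reword it to "Select LDAP protocol version (2 or 3)".
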
            @@ -73,7 +84,7 @@
             			<size>60</size></field> 
             		 <field>-			<fieldname>ldap_password</fieldname>
            +			<fieldname>ldap_pass</fieldname>
             			<fielddescr>LDAP password</fielddescr>
             			<description>Enter here the password to use to connect to the LDAP server.</description>
             			<type>password</type>
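
            Review bot: Renaming the field to ldap_pass on the fieldname line makes it match $settings['ldap_pass'] in squid.inc, but the JavaScript in squid.inc still uses document.iform.ldap_password (the unchanged context lines in every toggle hunk of this patch), so after this change those statements point at a form element that no longer exists. Either keep the name ldap_password here and change the one PHP read in squid.inc to $settings['ldap_password'], or update every document.iform.ldap_password reference in the same patch.
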
            @@ -83,6 +94,14 @@
             			<fieldname>ldap_basedomain</fieldname>
             			<fielddescr>LDAP base domain</fielddescr>
             			<description>For LDAP authentication, enter here the base domain in the LDAP server.</description>
            +			<type>input</type>
            +			<size>60</size>
            +</field> 
            +		 <field>+			<fieldname>ldap_filter</fieldname>
            +			<fielddescr>LDAP search filter</fielddescr>
            +			<default_value>(&(objectClass=person)(uid=%s))</default_value>
            +			<description>Enter LDAP search filter.</description>
             			<type>input</type>
             			<size>60</size></field> 
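
            Review bot: The default_value of ldap_filter contains a bare & as shown, (&(objectClass=person)(uid=%s)), which is not well-formed XML; write it as &amp; so the package file still parses. The description should also say that %s is replaced by the login name, since this is a free-text field and a filter saved without %s no longer selects the user who is logging in.
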
            
            
            
            --- squid.inc	Wed Mar 21 09:20:29 2007
            +++ squid.inc	Wed Mar 21 09:22:44 2007
            @@ -781,7 +781,7 @@
             			case 'ldap':
             				$port = (isset($settings['auth_port']) ? ":{$settings['auth_port']}" : '');
             				$password = (isset($settings['ldap_pass']) ? "-w {$settings['ldap_pass']}" : '');
            -				$conf .= "auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -b {$settings['ldap_basedomain']} -D {$settings['ldap_user']} $password -f \"(&(objectClass=person)(cn=%s))\" -u cn -P {$settings['auth_server']}$port\n";
            +				$conf .= "auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v {$settings['ldap_version']} -b {$settings['ldap_basedomain']} -D {$settings['ldap_user']} $password -f \"{$settings['ldap_filter']}\" -u uid -P {$settings['auth_server']}$port\n";
             				break;
             			case 'radius':
             				$port = (isset($settings['auth_port']) ? "-p {$settings['auth_server_port']}" : '');
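
            Review bot: On the added $conf line, $settings['ldap_version'] and $settings['ldap_filter'] are written into squid.conf with no isset() fallback and no validation. A configuration saved before these fields existed produces "-v" with nothing after it, so the following -b is consumed as the version, plus an empty -f ""; a filter value containing a double quote or a line break ends the quoted argument or the auth_param line early. Default the version to 2 and the filter to the previous string when unset, accept only 2 or 3 for the version, and reject quotes and newlines in the filter before building the line. The same line also changes -u cn to a hardcoded -u uid while the filter is now user-defined; make that attribute a field as well, or keep cn as the default so existing cn-based setups do not change silently.
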
            @@ -891,6 +891,8 @@
             	document.iform.auth_server.disabled = 1;
             	document.iform.auth_server_port.disabled = 1;
             	document.iform.ldap_user.disabled = 1;
            +	document.iform.ldap_version.disabled = 1;
            +	document.iform.ldap_filter.disabled = 1;
             	document.iform.ldap_password.disabled = 1;
             	document.iform.ldap_basedomain.disabled = 1;
             	document.iform.radius_secret.disabled = 1;
            @@ -918,6 +920,8 @@
             		document.iform.auth_server.disabled = 1;
             		document.iform.auth_server_port.disabled = 1;
             		document.iform.ldap_user.disabled = 1;
            +		document.iform.ldap_version.disabled = 1;
            +		document.iform.ldap_filter.disabled = 1;
             		document.iform.ldap_password.disabled = 1;
             		document.iform.ldap_basedomain.disabled = 1;
             		document.iform.radius_secret.disabled = 1;
            @@ -942,6 +946,8 @@
             			document.iform.auth_server_port.disabled = 1;
             			document.iform.ldap_user.disabled = 1;
             			document.iform.ldap_password.disabled = 1;
            +			document.iform.ldap_version.disabled = 1;
            +			document.iform.ldap_filter.disabled = 1;
             			document.iform.ldap_basedomain.disabled = 1;
             			document.iform.radius_secret.disabled = 1;
             			document.iform.msnt_secondary.disabled = 1;
            @@ -951,6 +957,8 @@
             			document.iform.auth_server_port.disabled = 0;
             			document.iform.ldap_user.disabled = 0;
             			document.iform.ldap_password.disabled = 0;
            +			document.iform.ldap_version.disabled = 0;
            +			document.iform.ldap_filter.disabled = 0;
             			document.iform.ldap_basedomain.disabled = 0;
             			document.iform.radius_secret.disabled = 1;
             			document.iform.msnt_secondary.disabled = 1;
            @@ -960,6 +968,8 @@
             			document.iform.auth_server_port.disabled = 0;
             			document.iform.ldap_user.disabled = 1;
             			document.iform.ldap_password.disabled = 1;
            +			document.iform.ldap_version.disabled = 1;
            +			document.iform.ldap_filter.disabled = 1;
             			document.iform.ldap_basedomain.disabled = 1;
             			document.iform.radius_secret.disabled = 0;
             			document.iform.msnt_secondary.disabled = 1;
            @@ -969,6 +979,8 @@
             			document.iform.auth_server_port.disabled = 1;
             			document.iform.ldap_user.disabled = 1;
             			document.iform.ldap_password.disabled = 1;
            +			document.iform.ldap_version.disabled = 1;
            +			document.iform.ldap_filter.disabled = 1;
             			document.iform.ldap_basedomain.disabled = 1;
             			document.iform.radius_secret.disabled = 1;
             			document.iform.msnt_secondary.disabled = 0;
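
            Review bot: The same two statements (ldap_version.disabled and ldap_filter.disabled) are added in six separate blocks of squid.inc, and their position is inconsistent: before ldap_password in the first two hunks, after it in the other four. Collecting the LDAP field names in one array and setting .disabled from a small helper would reduce the next added field to a single edit and remove the chance of missing a branch.
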
            
            
            • S
              sullrich last edited by

              Thanks, committed!

              • J
                Justinw last edited by

                Nice work. A lot of people have been looking for LDAP support; I'm sure this will be appreciated.
