Need help with squid package customization



  • Hi,
    could someone point me in the right direction, please?
    There is no way to specify ldap protocol version in squid auth settings.
    I am trying to modify squid_auth to get -v 3 and customize objectClass search from cn to uid:

    auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -b ou=my,dc=super,dc=net -v 3 -f "(&(objectClass=person)(uid=%s))" -u cn -P myserver

    I managed to add ldap version field in /usr/local/pkg/squid_auth.xml but I need to know how to pass (write) value from this field to actual /usr/local/etc/squid/squid.conf config file.

    Thank you.



  • Disregard, I think I found it in squid.inc…
    Anyway, it would be nice to have ldap filter and ldap version included in the next version of package.

    Thanks.



  • The auth portion of squid isn't really rolling yet. If you got it working, though, I'm sure the devs wouldn't mind you sending the diffs for it.



  • I hope this helps a bit.

    
    --- squid_auth.xml	Wed Mar 21 09:20:40 2007
    +++ squid_auth.xml	Wed Mar 21 09:22:51 2007
    @@ -52,6 +52,17 @@
     			<onchange>on_auth_method_changed()</onchange>
    
     		 <field>+			<fieldname>ldap_version</fieldname>
    +			<fielddescr>LDAP version</fielddescr>
    +			<description>Enter LDAP protocol version (2 or 3).</description>
    +			<default_value>2</default_value>
    +			<type>select</type>
    +			 <options>+			<option><name>2</name><value>2</value></option>
    +			<option><name>3</name><value>3</value></option>
    +</options> 
    +</field> 
    +		 <field><fieldname>auth_server</fieldname>
     			<fielddescr>Authentication server</fielddescr>
     			<description>Enter here the IP or hostname of the server that will perform the authentication.</description>
    @@ -73,7 +84,7 @@
     			<size>60</size></field> 
     		 <field>-			<fieldname>ldap_password</fieldname>
    +			<fieldname>ldap_pass</fieldname>
     			<fielddescr>LDAP password</fielddescr>
     			<description>Enter here the password to use to connect to the LDAP server.</description>
     			<type>password</type>
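Review bot: Renaming this field to `ldap_pass` leaves the form script in squid.inc pointing at the old name: the context lines of all six script hunks further down in this patch still read `document.iform.ldap_password.disabled = …;`. With no form element of that name, that statement will most likely throw, and the toggles that follow it in the same branch would never run, so fields could stay enabled or disabled for the wrong authentication method. Those lines should become `document.iform.ldap_pass.disabled = 1;` (or `= 0;` in the LDAP branch). The rename does match the key the config generator already reads (`$settings['ldap_pass']`), so a password saved under the old key was presumably never written to squid.conf and users may need to re-enter it.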
    @@ -83,6 +94,14 @@
     			<fieldname>ldap_basedomain</fieldname>
     			<fielddescr>LDAP base domain</fielddescr>
     			<description>For LDAP authentication, enter here the base domain in the LDAP server.</description>
    +			<type>input</type>
    +			<size>60</size>
    +</field> 
    +		 <field>+			<fieldname>ldap_filter</fieldname>
    +			<fielddescr>LDAP search filter</fielddescr>
    +			<default_value>(&(objectClass=person)(uid=%s))</default_value>
    +			<description>Enter LDAP search filter.</description>
     			<type>input</type>
     			<size>60</size></field> 
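Review bot: The default value of the new `ldap_filter` field contains a bare `&`, which is not well-formed XML as rendered here (the forum may have decoded an entity); in the file it should read `<default_value>(&amp;(objectClass=person)(uid=%s))</default_value>`. The description also gives the administrator nothing to go on, although this filter decides which directory entries are allowed to authenticate; I would use `<description>LDAP search filter; %s is replaced by the login name and must be kept. Only entries matching this filter can authenticate.</description>`. The value is free text that ends up inside a quoted argument in squid.conf, so it needs validation at the point where squid.inc consumes it.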
    
    
    
    --- squid.inc	Wed Mar 21 09:20:29 2007
    +++ squid.inc	Wed Mar 21 09:22:44 2007
    @@ -781,7 +781,7 @@
     			case 'ldap':
     				$port = (isset($settings['auth_port']) ? ":{$settings['auth_port']}" : '');
     				$password = (isset($settings['ldap_pass']) ? "-w {$settings['ldap_pass']}" : '');
    -				$conf .= "auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -b {$settings['ldap_basedomain']} -D {$settings['ldap_user']} $password -f \"(&(objectClass=person)(cn=%s))\" -u cn -P {$settings['auth_server']}$port\n";
    +				$conf .= "auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v {$settings['ldap_version']} -b {$settings['ldap_basedomain']} -D {$settings['ldap_user']} $password -f \"{$settings['ldap_filter']}\" -u uid -P {$settings['auth_server']}$port\n";
     				break;
     			case 'radius':
     				$port = (isset($settings['auth_port']) ? "-p {$settings['auth_server_port']}" : '');
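Review bot: `ldap_version` and `ldap_filter` go into the `auth_param` line with no validation and no fallback. On a configuration saved before this change neither key exists, so the line would carry `-v` with no value (taking `-b` as its argument) and an empty `-f ""`, which breaks LDAP authentication after an upgrade. The filter is free text placed between escaped double quotes, so a value containing `"` or a line break can end the argument early or add a line to squid.conf; the version should likewise be restricted to `2` or `3` on the server side rather than trusting the select box. Rejecting bad values when the form is saved is the better place; the fence shows a defensive fallback at generation time. The enclosing `switch` starts and ends outside this hunk.

```php
// … unchanged: $port and $password assignments …
$version = (isset($settings['ldap_version']) && in_array($settings['ldap_version'], array('2', '3'))) ? $settings['ldap_version'] : '2';
$filter = isset($settings['ldap_filter']) ? trim($settings['ldap_filter']) : '';
// A quote or line break would end the quoted -f argument or start a new squid.conf line.
if ($filter == '' || preg_match('/["\r\n]/', $filter))
	$filter = '(&(objectClass=person)(uid=%s))';
$conf .= "auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v $version -b {$settings['ldap_basedomain']} -D {$settings['ldap_user']} $password -f \"$filter\" -u uid -P {$settings['auth_server']}$port\n";
// … unchanged: break; and the 'radius' case …
```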
    @@ -891,6 +891,8 @@
     	document.iform.auth_server.disabled = 1;
     	document.iform.auth_server_port.disabled = 1;
     	document.iform.ldap_user.disabled = 1;
    +	document.iform.ldap_version.disabled = 1;
    +	document.iform.ldap_filter.disabled = 1;
     	document.iform.ldap_password.disabled = 1;
     	document.iform.ldap_basedomain.disabled = 1;
     	document.iform.radius_secret.disabled = 1;
    @@ -918,6 +920,8 @@
     		document.iform.auth_server.disabled = 1;
     		document.iform.auth_server_port.disabled = 1;
     		document.iform.ldap_user.disabled = 1;
    +		document.iform.ldap_version.disabled = 1;
    +		document.iform.ldap_filter.disabled = 1;
     		document.iform.ldap_password.disabled = 1;
     		document.iform.ldap_basedomain.disabled = 1;
     		document.iform.radius_secret.disabled = 1;
    @@ -942,6 +946,8 @@
     			document.iform.auth_server_port.disabled = 1;
     			document.iform.ldap_user.disabled = 1;
     			document.iform.ldap_password.disabled = 1;
    +			document.iform.ldap_version.disabled = 1;
    +			document.iform.ldap_filter.disabled = 1;
     			document.iform.ldap_basedomain.disabled = 1;
     			document.iform.radius_secret.disabled = 1;
     			document.iform.msnt_secondary.disabled = 1;
    @@ -951,6 +957,8 @@
     			document.iform.auth_server_port.disabled = 0;
     			document.iform.ldap_user.disabled = 0;
     			document.iform.ldap_password.disabled = 0;
    +			document.iform.ldap_version.disabled = 0;
    +			document.iform.ldap_filter.disabled = 0;
     			document.iform.ldap_basedomain.disabled = 0;
     			document.iform.radius_secret.disabled = 1;
     			document.iform.msnt_secondary.disabled = 1;
    @@ -960,6 +968,8 @@
     			document.iform.auth_server_port.disabled = 0;
     			document.iform.ldap_user.disabled = 1;
     			document.iform.ldap_password.disabled = 1;
    +			document.iform.ldap_version.disabled = 1;
    +			document.iform.ldap_filter.disabled = 1;
     			document.iform.ldap_basedomain.disabled = 1;
     			document.iform.radius_secret.disabled = 0;
     			document.iform.msnt_secondary.disabled = 1;
    @@ -969,6 +979,8 @@
     			document.iform.auth_server_port.disabled = 1;
     			document.iform.ldap_user.disabled = 1;
     			document.iform.ldap_password.disabled = 1;
    +			document.iform.ldap_version.disabled = 1;
    +			document.iform.ldap_filter.disabled = 1;
     			document.iform.ldap_basedomain.disabled = 1;
     			document.iform.radius_secret.disabled = 1;
     			document.iform.msnt_secondary.disabled = 0;
    
    


  • Thanks, committed!



  • nice work, a lot of people have been looking for LDAP support, I'm sure this will be appreciated

