RedHat 9 (Linux i386) - man page for squid_ldap_group (redhat section 8)

squid_ldap_group(8)							      squid_ldap_group(8)

NAME
       squid_ldap_group - Squid LDAP external acl group helper

SYNOPSIS
       squid_ldap_group     -b	   "base     DN"    -f	  "LDAP    search    filter"	[options]
       [ldap_server_name[:port]...]

DESCRIPTION
       This helper allows Squid to connect to an LDAP directory to authorize users via LDAP
       groups.

       The program operates by searching with a search filter based on the user's login name and
       requested group, and if a match is found it is determined that the user belongs to the
       group.

       -b basedn (REQUIRED)
	      Specifies the base DN under which the groups are located.

       -B basedn
	      Specifies the base DN under which the users are located (if different).

       -g     Specifies that the first query argument sent to the helper by Squid is an extension
	      to the basedn and will be temporarily added in front of the global basedn for this
	      query.

       -f filter
	      LDAP search filter used to search the LDAP directory for any matching group member-
	      ships.   In the filter %u will be replaced by the user login name (or DN if the  -F
	      or -u options are used) and %g by the requested group name.

       -F filter
	      LDAP  search  filter used to search the LDAP directory for any matching users.   In
	      the filter %s will be replaced by the user login name. If % is to be included  lit-
	      erally in the filter then use %%.

       -u attr
	      LDAP attribute used to construct the user DN from the login name and base dn.

       -s base|one|sub
	      Search scope. Defaults to 'sub'.

	      base: base object only; one: one level below the base object; sub: subtree below
	      the base object.

       -D binddn -w password
	      The DN and password to bind as while performing searches. Required if the directory
	      does not allow anonymous searches.

	      As the password needs to be written in plain text in your Squid configuration and
	      will be sent on the command line to the helper, it is strongly recommended to use an
	      account with minimal associated privileges. This is to limit the damage in case
	      someone gets hold of a copy of your Squid configuration file or extracts the
	      password from a process listing.

       -P     Use a persistent LDAP connection. Normally the LDAP connection is only  open  while
	      validating  a username to preserve resources at the LDAP server. This option causes
	      the LDAP connection to be kept open, allowing it to be reused for further user val-
	      idations. Recommended for larger installations.

       -R     do not follow referrals

       -a never|always|search|find
	      when to dereference aliases. Defaults to 'never'

	      never dereference aliases (default), always dereference aliases, only while search-
	      ing or only to find the base object

       -h ldapserver
	      Specify the LDAP server to connect to

       -p ldapport
	      Specify an alternate TCP port where the ldap server is listening if other than  the
	      default LDAP port 389.

       -S     Strip NT domain name component from usernames (/ or \ separated)

SQUID CONFIGURATION
       This helper is intended to be used as an external_acl_type helper from squid.conf.

       external_acl_type ldap_group %LOGIN /path/to/squid_ldap_group ...
       acl group1 ldap_group Group1
       acl group2 ldap_group Group2

NOTES
       When constructing search filters it is strongly recommended to test the filter using
       ldapsearch before you attempt to use squid_ldap_group. This is to verify that the filter
       matches what you expect.
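
       Added example, not part of the original manual page or of the Squid sources: a POSIX
       shell helper that expands a -f template by substituting %u and %g, so the resulting
       filter can be pasted into ldapsearch. The function names, base DN, filter and sample
       values are constructed; escaping the substituted values per RFC 2254 is an assumption
       made for hand-testing (this page does not say whether the helper escapes them).

```shell
#!/bin/sh
# Hypothetical helper names; nothing here is shipped with Squid.

# Escape the characters RFC 2254 reserves inside a filter value.
# Backslash must be handled first so later escapes are not re-escaped.
rfc2254_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# expand_filter TEMPLATE LOGIN GROUP
# Replaces %u with the escaped login name and %g with the escaped group
# name, as the -f option describes. Any other text is copied unchanged.
expand_filter() {
    ef_tmpl=$1
    ef_user=$(rfc2254_escape "$2")
    ef_group=$(rfc2254_escape "$3")
    ef_out=
    while [ -n "$ef_tmpl" ]; do
        case $ef_tmpl in
            %u*) ef_out=$ef_out$ef_user;  ef_tmpl=${ef_tmpl#"%u"} ;;
            %g*) ef_out=$ef_out$ef_group; ef_tmpl=${ef_tmpl#"%g"} ;;
            *)   ef_rest=${ef_tmpl#?}               # everything after char 1
                 ef_out=$ef_out${ef_tmpl%"$ef_rest"} # append char 1 itself
                 ef_tmpl=$ef_rest ;;
        esac
    done
    printf '%s\n' "$ef_out"
}

# Constructed sample: a group name containing parentheses would break the
# filter syntax if it were substituted without escaping.
template='(&(objectClass=posixGroup)(cn=%g)(memberUid=%u))'
filter=$(expand_filter "$template" 'alice' 'Sales (EMEA)')

# Print (do not run) the ldapsearch command to try against your directory.
printf "ldapsearch -x -s sub -b 'ou=groups,dc=example,dc=com' '%s'\n" "$filter"
```

       If ldapsearch returns an entry for the printed filter, the same -f template should
       report that login as a member of that group.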

AUTHOR
       This manual page was written by Henrik Nordstrom <hno@marasystems.com>

       squid_ldap_group  is  written  by Flavio Pescuma <flavio@marasystems.com> and Henrik Nord-
       strom <hno@squid-cache.org>, based  on  prior  work  in	squid_ldap_auth  by  Glen  Newton
       <glen.newton@nrc.ca>

KNOWN LIMITATIONS
       A maximum of 16 occurrences of %s in the -u argument is supported.

QUESTIONS
       Any  questions  on  usage  can be sent to Squid Users <squid-users@squid-cache.org>, or to
       your favorite LDAP list/friend if the question is more related to LDAP than Squid.

REPORTING BUGS
       Report bugs or bug-fixes to Squid  Bugs	<squid-bugs@squid-cache.org>  or  ideas  for  new
       improvements to Squid Developers <squid-dev@squid-cache.org>

SEE ALSO
       squid_ldap_auth(8), ldapsearch(1),
       Your favorite LDAP documentation,
       RFC2254 - The String Representation of LDAP Search Filters

Squid LDAP Match			 7 September 2002		      squid_ldap_group(8)

