Unix/Linux Go Back    

RedHat 9 (Linux i386) - man page for squid_ldap_group (redhat section 8)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)

squid_ldap_group(8)							      squid_ldap_group(8)

       squid_ldap_group - Squid LDAP external acl group helper

       squid_ldap_group     -b	   "base     DN"    -f	  "LDAP    search    filter"	[options]

       This helper allows Squid to connect to a  LDAP  directory  to  authorize  users	via  LDAP

       The  program  operates by searching with a search filter based on the users login name and
       requested group, and if a match is found it is determined that the  user  belongs  to  the

       -b basedn (REQUIRED)
	      Specifies the base DN under which the groups are located.

       -B basedn
	      Specifies the base DN under which the users are located (if different)

       -g     Specifies  that the first query argument sent to the helper by Squid is a extension
	      to the basedn and will be temporarily added infront of the global basedn	for  this

       -f filter
	      LDAP search filter used to search the LDAP directory for any matching group member-
	      ships.   In the filter %u will be replaced by the user login name (or DN if the  -F
	      or -u options are used) and %g by the requested group name.

       -F filter
	      LDAP  search  filter used to search the LDAP directory for any matching users.   In
	      the filter %s will be replaced by the user login name. If % is to be included  lit-
	      erally in the filter then use %%.

       -u attr
	      LDAP attribute used to construct the user DN from the login name and base dn.

       -s base|one|sub
	      search scope. Defaults to 'sub'.

	      base object only, one level below the base object or subtree below the base object

       -D binddn -w password
	      The DN and password to bind as while performing searches. Required if the directory
	      does not allow anonymous searches.

	      As the password needs to be printed in plain text in your Squid  configuration  and
	      will  be sent on the command line to the helper it is strongly recommended to use a
	      account with minimal associated privileges.  This to limit the damage in case some-
	      one could get hold of a copy of your Squid configuration file or extracts the pass-
	      word used from a process listing.

       -P     Use a persistent LDAP connection. Normally the LDAP connection is only  open  while
	      validating  a username to preserve resources at the LDAP server. This option causes
	      the LDAP connection to be kept open, allowing it to be reused for further user val-
	      idations. Recommended for larger installations.

       -R     do not follow referrals

       -a never|always|search|find
	      when to dereference aliases. Defaults to 'never'

	      never dereference aliases (default), always dereference aliases, only while search-
	      ing or only to find the base object

       -h ldapserver
	      Specify the LDAP server to connect to

       -p ldapport
	      Specify an alternate TCP port where the ldap server is listening if other than  the
	      default LDAP port 389.

       -S     Strip NT domain name component from usernames (/ or \ separated)

       This helper is intended to be used as a external_acl_type helper from squid.conf.

       external_acl_type ldap_group %LOGIN /path/to/squid_ldap_group ...
       acl group1 ldap_group Group1
       acl group2 ldap_gorup Group2

       When  constructing  search  filters  it	is  strongly recommended to test the filter using
       ldapsearch before you attempt to use squid_ldap_group. This  to	verify	that  the  filter
       matches what you expect.

       This manual page was written by Henrik Nordstrom <hno@marasystems.com>

       squid_ldap_group  is  written  by Flavio Pescuma <flavio@marasystems.com> and Henrik Nord-
       strom <hno@squid-cache.org>, based  on  prior  work  in	squid_ldap_auth  by  Glen  Newton

       Max 16 occurances of %s in the -u argument is supported.

       Any  questions  on  usage  can be sent to Squid Users <squid-users@squid-cache.org>, or to
       your favorite LDAP list/friend if the question is more related to LDAP than Squid.

       Report bugs or bug-fixes to Squid  Bugs	<squid-bugs@squid-cache.org>  or  ideas  for  new
       improvements to Squid Developers <squid-dev@squid-cache.org>

       squid_ldap_auth(8), ldapsearch(1),
       Your favorite LDAP documentation
       RFC2254 - The String Representation of LDAP Search Filters,

Squid LDAP Match			 7 September 2002		      squid_ldap_group(8)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums

All times are GMT -4. The time now is 02:40 PM.