10 More Discussions You Might Find Interesting
1. Solaris
I have very limited knowledge on LDAP configuration and have been trying fix one issue, but unsuccessful.
The server, I am working on, is Solaris-10 zone. sudoers is configured on LDAP (its not on local server). I have access to login directly on server with root, but somehow sudo is not working... (9 Replies)
Discussion started by: solaris_1977
9 Replies
2. AIX
Hi folks,
How can i configure an AIX LDAP client to authenticate against an Linux Openldap server over TLS/SSL?
It works like a charm without TLS/SSL.
i would like to have SSL encrypted communication for ldap (secldapclntd) and ldapsearch etc. while accepting every kind of certificate/CA.... (6 Replies)
Discussion started by: paco699
6 Replies
3. AIX
Hi All,
Its regarding the LDAP in AIX.
we already have Microsoft Active Directory (LDAP) Server. And would like to integrate My client AIX LPAR to this LDAP server. So' that we can directly use Active directory crdentials to login. (instead of creating USERs on AIX)
from my AIX LPAR.
... (4 Replies)
Discussion started by: System Admin 77
4 Replies
4. AIX
I have been able to configure on an AIX 5.2 ldap.cfg so service starts correctly.
but when I try to log on with a windows user after entering the password login hangs and get no response.
I have set it up on Aix 5.3 with no problem but in Aix 5.2 I have not been able to log in.
ldap.cfg... (1 Reply)
Discussion started by: laxtnog
1 Replies
5. AIX
Hi,
I am trying to authenticate AIX server against a IDS LDAP instance.
The AIX version is 6.1 and TDS client is 6.1.
I configured the secldapclntd using ldap.cfg file and changed /etc/security/user to set SYSTEM=LDAP, registry=LDAP for one user. Below are the ldap.cfg configurations -
... (5 Replies)
Discussion started by: vs1
5 Replies
6. UNIX for Advanced & Expert Users
Hello,
I'm new to Centos and to openldap. I am by trade a Solaris Admin. I'm experimenting with openldap and thought Linux would be easier to install and setup openldap on, so far this is true. The problem I'm having is that I can't get the client server to authenticate to the openldap server. I... (1 Reply)
Discussion started by: bitlord
1 Replies
7. Solaris
Configure ldap client:
I have configured my ldapclient with the AuthenticationMethod=simple and with the credentialLevel=proxy. However, as soon as i want to set the AuthenticationMethod=sasl/GSSAPI, and credentiallevel=self, then it fails to configure. Kerberos is already setup successfully. The... (0 Replies)
Discussion started by: Henk Trumpie
0 Replies
8. Solaris
Hi All,
I am getting one strange problem of empty LDAP_client_ file. There was one /var 100% overload issue few days back. After that we are observing this new issue.
I got to know about similar issue SunSolve Bug ID 6495683 - “LDAP client files & cred files are deleted when /var is full”... (1 Reply)
Discussion started by: ailnilanjan
1 Replies
9. AIX
Hello,
I am trying to configure an AIX machina to authenticate against a Windows 2003 AD, and I am desesperately trying to find the ldap.client lpp
in the internet.
I am using AIX 5.3 and I don't have access to the DVD media,
please help!
Thankyou,
Tiago (2 Replies)
Discussion started by: tiagoskid
2 Replies
10. Solaris
Hi Gurus
I am a novice in LDAP and need to configure an LDAP client(Solaris 10).
The client has to bind to an AD for LDAP queries. I have created a user called testbind in AD for binding purpose.
I am planning to configure LDAP client manually(as the requirement is as such).
This is the... (16 Replies)
Discussion started by: Renjesh
16 Replies
squid_ldap_auth(8) System Manager's Manual squid_ldap_auth(8)
NAME
squid_ldap_auth - Squid LDAP authentication helper
SYNOPSIS
squid_ldap_auth -b "base DN" [-u attribute] [options] [ldap_server_name[:port]]...]
squid_ldap_auth -b "base DN" -f "LDAP search filter" [options] [ldap_server_name[:port]...]
DESCRIPTION
This helper allows Squid to connect to a LDAP directory to validate the user name and password of Basic HTTP authentication.
The program has two major modes of operation. In the default mode of operation the users DN is constructed using the base DN and user
attribute. In the other mode of operation a search filter is used to locate valid user DN's below the base DN.
-b basedn (REQUIRED)
Specifies the base DN under which the users are located.
-f filter
LDAP search filter to locate the user DN. Required if the users are in a hierarchy below the base DN, or if the login name is not
what builds the user specific part of the users DN.
The search filter can contain up to 15 occurrences of %s which will be replaced by the username, as in "uid=%s" for RFC2037 directo-
ries. For a detailed description of LDAP search filter syntax see RFC2254.
-u userattr
Specifies the name of the DN attribute that contains the username/login. Combined with the base DN to construct the users DN when
no search filter is specified (-f option). Defaults to 'uid'
Note: This can only be done if all your users are located directly under the same position in the LDAP tree and the login name is
used for naming each user object. If your LDAP tree does not match these criterias or if you want to filter who are valid users then
you need to use a search filter to search for your users DN (-f option).
-s base|one|sub
search scope when performing user DN searches specified by the -f option. Defaults to 'sub'.
base object only, one level below the base object or subtree below the base object
-D binddn -w password
The DN and password to bind as while performing searches. Required by the -f flag if the directory does not allow anonymous
searches.
As the password needs to be printed in plain text in your Squid configuration it is strongly recommended to use a account with mini-
mal associated privileges. This to limit the damage in case someone could get hold of a copy of your Squid configuration file.
-P Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the
LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations. Recom-
mended for larger installations.
-R do not follow referrals
-a never|always|search|find
when to dereference aliases. Defaults to 'never'
never dereference aliases (default), always dereference aliases, only while searching or only to find the base object
-h ldapserver
Specify the LDAP server to connect to
-p ldapport
Specify an alternate TCP port where the ldap server is listening if other than the default LDAP port 389.
EXAMPLES
For directories using the RFC2307 layout with a single domain, all you need to specify is usually the base DN under where your users are
located and the server name:
squid_ldap_auth -b ou=people,dc=your,dc=domain ldapserver
If you have sub-domains then you need to use a search filter approach to locate your user DNs as these can no longer be constructed direcly
from the base DN and login name alone:
squid_ldap_auth -b dc=your,dc=domain -f uid=%s ldapserver
And similarily if you only want to allow access to users having a specific attribute
squid_ldap_auth -b dc=your,dc=domain -f (&(uid=%s)(specialattribute=value)) ldapserver
Or if the user attribute of the user DN is "cn" instead of "uid" and you do not want to have to search for the users then you could use
something like the following example for Active Directory:
squid_ldap_auth -u cn -b cn=Users,dc=your,dc=domain ldapserver
If you want to search for the user DN and your directory does not allow anonymous searches then you must also use the -D and -w flags to
specify a user DN and password to log in as to perform the searches, as in the following complex Active Directory example
squid_ldap_auth -p -R -b dc=your,dc=domain -D cn=squid,cn=users,dc=your,dc=domain -w secretsquidpassword -f (&(userPrincipal-
Name=%s)(objectClass=Person)) activedirectoryserver
NOTES
When constructing search filters it is strongly recommended to test the filter using ldapsearch before you attempt to use squid_ldap_auth.
This to verify that the filter matches what you expect.
AUTHOR
This manual page was written by Henrik Nordstrom <hno@squid-cache.org>
squid_ldap_auth is written by Glenn Newton <gnewton@wapiti.cisti.nrc.ca> and Henrik Nordstrom <hno@squid-cache.org>
KNOWN ISSUES
Will crash if other % values than %s is used in -f, or if more than 15 %s is used.
QUESTIONS
Any questions on usage can be sent to Squid Users <squid-users@squid-cache.org>, or to your favorite LDAP list/friend if the question is
more related to LDAP than Squid.
REPORTING BUGS
Report bugs or bug-fixes to Squid Bugs <squid-bugs@squid-cache.org> or ideas for new improvements to Squid Developers <squid-dev@squid-
cache.org>
SEE ALSO
ldapsearch(1),
Your favorite LDAP documentation
RFC2254 - The String Representation of LDAP Search Filters,
Squid LDAP Auth 25 September 2001 squid_ldap_auth(8)