[squid-users] ldap_auth_param userCertificate

2006-09-05 Thread Zaki Akhmad

Hello all

After a long, long night, my squid can finally do authentication from the LDAP server.

# vi squid.conf
auth_param basic program /usr/lib/squid/ldap_auth -b ou=paume,o=itb,c=id -D cn=admin,ou=paume,o=itb,c=id -w rahasia -f (uid=%s) -h localhost

This kind of authentication matches the uid attribute and
userPassword from the data on the LDAP server. I have a question. Can I
authenticate squid, still with the data from the LDAP server, but this time
matching not the uid attribute and userPassword attribute, but the
uid attribute and userCertificate attribute? Can I? If yes, then how?

FYI, I am running OpenCA, and I have successfully exported the
certificate into the LDAP server. This is the data on my LDAP server.

dn: uid=pangerankecil,ou=paume,o=ITB,c=ID
cn: Pangeran Kecil
sn: Kecil
uid: pangerankecil
mail: [EMAIL PROTECTED]
ou: paume
o: ITB
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: opencaEmailAddress
objectClass: pkiUser
structuralObjectClass: inetOrgPerson
entryUUID: c1d24c14-d141-102a-8391-ae28c25d67be
creatorsName: cn=admin,ou=PAUME,o=ITB,c=ID
createTimestamp: 20060905154845Z
userCertificate;binary:: [base64-encoded certificate omitted]
userPassword:: e0NSWVBUfS9zRUp6T3FyZDcyeTY=
entryCSN: 20060905154930Z#01#00#00
modifiersName: cn=admin,ou=PAUME,o=ITB,c=ID
modifyTimestamp: 20060905154930Z

Thank you for your attention.
Best Regards

--
Zaki Akhmad


[squid-users] Testing squid_ldap_group

2006-09-05 Thread Zaki Akhmad

Hi

I have read these two tutorials:
http://www.visolve.com/squid/Squid_tutorial.php#Authentication_ and
http://kb.papercutsoftware.com/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory

I can test the connection between squid and the ldapsearch
# /usr/lib/squid/squid_ldap_auth -b ou=paume,o=itb,c=id -D cn=admin,ou=paume,o=itb,c=id -w rahaSIA -h localhost -f uid=%s
admin admin
OK

After the testing was successful, I added this to squid.conf
auth_param basic program /usr/lib/squid/ldap_auth -b ou=paume,o=itb,c=id -D cn=admin,ou=paume,o=itb,c=id -w rahaSIA -f (uid=%s) -h localhost
acl auroraborealis proxy_auth REQUIRED
http_access allow auroraborealis

Bravo! I can authenticate squid with data from LDAP server.

Then I am trying to add the external_acl_type
/usr/lib/squid/squid_ldap_group. But before doing this, can I have a
test first, just like what I did with /usr/lib/squid/ldap_auth? Because
I am still confused about how to write the -f option
((objectClass=bla...bla..bla)())

Thank you.

Students of
Bandung Institute of Technology
Indonesia
--
Zaki Akhmad


[squid-users] Re: Testing squid_ldap_group

2006-09-05 Thread Zaki Akhmad

Sorry to reply to my own email.

I got my squid_ldap_group test to work.

# /usr/lib/squid/squid_ldap_group -b ou=paume,o=itb,c=id -D cn=admin,ou=paume,o=itb,c=id -w rahasia -h localhost -f uid=%v
admin admin
OK

The filter I use matches the uid with userPassword. I am planning
to match the uid with userCertificate. Then, how do I write the search
filter?

Thanks


Students of
Bandung Institute of Technology
Indonesia
Zaki Akhmad
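
An added example, not part of the original posts and not the Squid helpers' own code: a Python model of how the -f filter templates used in the tests above are filled in from one helper input line. It assumes the helpers' documented placeholders (%s for the login in squid_ldap_auth, %v for the user and %a for the group in squid_ldap_group); the function names, the second group filter and the sample inputs are constructed for illustration.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string so it can only ever be a literal value in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template, values):
    """Replace each %x placeholder in the template with its escaped value."""
    def sub(match):
        key = match.group(1)
        if key not in values:
            raise ValueError("unsupported placeholder %" + key)
        return escape_filter_value(values[key])
    return re.sub(r"%([a-z])", sub, template)


def auth_filter(template, request_line):
    """Basic-auth helper input is 'login password'.

    Only the login goes into the search filter; the password is checked
    afterwards by binding as the entry the search returned.
    """
    login, _password = request_line.split(" ", 1)
    return expand_filter(template, {"s": login})


def group_filter(template, request_line):
    """Group helper input is 'user group'; %v is the user, %a the group."""
    user, group = request_line.split(" ", 1)
    return expand_filter(template, {"v": user, "a": group})


if __name__ == "__main__":
    # Constructed input lines in the same shape as the tests in the posts.
    print(auth_filter("(uid=%s)", "admin admin"))
    print(group_filter("uid=%v", "admin admin"))
    print(group_filter("(&(uid=%v)(ou=%a))", "pangerankecil paume"))
    # Filter metacharacters in a login are neutralised by the escaping.
    print(auth_filter("(uid=%s)", "*)(uid=* x"))
```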


[squid-users] Authenticate Squid Using Digital Certificate

2006-09-01 Thread Zaki Akhmad

Hello

I am trying to use a digital certificate for squid authentication. I
have my certificate exported to the LDAP server. Is it possible to
authenticate squid using a digital certificate? Should I install an extra
package? And what configuration should I add to squid.conf?

I have browsed this mailing-list archive, but I didn't find the answer.
Thank you for your attention.

Regards.
--
Zaki Akhmad