Use the following script.
What it will do is, it will first go to the first LDAP server and verify
the username/password.
If that LDAP server does not have this user then it will go to the next one.
I use it and it is working fantastic.

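#!/usr/bin/perl
# Chain two squid_ldap_auth helpers: ask server 1, then server 2 if that fails.
use strict;
use warnings;
use IPC::Open2;

$| = 1;    # unbuffered STDOUT so Squid sees each reply immediately

# Both helpers stay running; open2 turns on autoflush for the write handles.
open2(*read1, *write1, "/usr/lib/squid/squid_ldap_auth ...full command with parameters for LDAP server 1");
open2(*read3, *write3, "/usr/lib/squid/squid_ldap_auth full command with parameters for LDAP server 2 ");

while (<>) {
    my $ans;

    # First LDAP server
    print write1 $_;
    $ans = <read1>;
    if ($ans =~ /^OK/) {
        print $ans;
        next;
    }

    # Not accepted there: try the second LDAP server
    print write3 $_;
    $ans = <read3>;
    print $ans;    # OK or ERR from server 2 is the final answer
}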


                                                                           
[EMAIL PROTECTED]
05/27/04 06:33 PM

To: [EMAIL PROTECTED]
cc:
Subject: [squid-users] squid_ldap_auth for two ldap servers




Hello,

I'm working with squid 2.5 stable 5 and an LDAP authentication which works
great.

My problem is that the squid_ldap_auth should work with 2 different LDAP
servers. I know it's not possible yet without changing the source code,
and there I do have some trouble.

There are two different LDAP servers.
Persons with a uid which contains a number in it [0-9] should authenticate
on Server A.
Persons without a number in the uid should authenticate on Server B.

So I thought I would just check the uid for numbers in it (right after the user
and passwd are collected by squid_ldap_auth) and change the server if
necessary.

I do open squid_ldap_auth with -b "basedn of Server A" -f ... ... Server A

My program looks like this (I haven't changed anything else), but it doesn't
work. Since I am not really into C programming, I hope to get some answers
here.

   while (fgets(buf, 256, stdin) != NULL) {
        user = strtok(buf, " \r\n");
        passwd = strtok(NULL, "\r\n");

        if (!user || !passwd || !passwd[0]) {
            printf("ERR\n");
            continue;
        }

/* the part above (unchanged) collects the "user" and "passwd", right? */
/* my additional source code starts here */

        char numbers[] = "0123456789";  /* just a definition of the numbers I'm looking for */
        char *helpvar;
        helpvar=NULL;
        helpvar=strpbrk(user, numbers);

/* search for numbers - if "user" contains numbers -> helpvar=address of the
first number - if not, helpvar stays NULL */

        for (;helpvar==NULL;) {
            basedn="basedn of Server B";
            ldapServer="Server B";
            break;
        }
/* since I already defined basedn A and Server A with the opening of
squid_ldap_auth I don't need to change anything if helpvar!=NULL */
/* from now on again unchanged source code */

        rfc1738_unescape(user);
        rfc1738_unescape(passwd);
        ...

I know I shouldn't fix Server B in the source code, but at first it
should work; later I can try to implement a second basedn and server at the
start of the program (perhaps with -x basedn2 / -y server2).

I hope you can help me, otherwise we have to run 2 squid servers
simultaneously (which isn't wanted). A change to only one LDAP server (with
every user on it) is out of the question.

Thank you
~ Dominique






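The digit-based routing asked for in the original message, done as a wrapper around two running squid_ldap_auth processes instead of a source change. This is an added example, not code from either poster or from Squid. The command lines in BACKEND_CMDS are placeholders, and choose_backend, Helper and answer are names made up for the example. It picks the backend afresh for every request and decodes the uid before looking for digits, because the helper receives both fields rfc1738-escaped.

```python
#!/usr/bin/env python3
"""Squid basic-auth helper wrapper: send each request to exactly one of two
squid_ldap_auth processes, chosen by whether the decoded uid has a digit."""
import subprocess
import sys
from urllib.parse import unquote

# Placeholders (assumed): substitute the full squid_ldap_auth command lines.
BACKEND_CMDS = {
    "A": ["/usr/lib/squid/squid_ldap_auth", "...options for Server A..."],
    "B": ["/usr/lib/squid/squid_ldap_auth", "...options for Server B..."],
}

def choose_backend(line):
    """Return "A", "B", or None for a malformed request line."""
    user, sep, passwd = line.rstrip("\r\n").partition(" ")
    if not user or not sep or not passwd:
        return None
    # Decode first: in escaped form "john%20doe" would appear to contain
    # digits, and "bob%31" (bob1) hides one inside an escape.
    uid = unquote(user)
    return "A" if any(c in "0123456789" for c in uid) else "B"

class Helper:
    """One long-running helper speaking the line-based OK/ERR protocol."""
    def __init__(self, cmd):
        self.proc = subprocess.Popen(cmd, stdin=subprocess.PIPE,
                                     stdout=subprocess.PIPE, text=True, bufsize=1)

    def ask(self, line):
        try:
            self.proc.stdin.write(line.rstrip("\r\n") + "\n")
            self.proc.stdin.flush()
            reply = self.proc.stdout.readline().strip()
        except OSError:
            reply = ""
        return reply or "ERR"  # dead or silent helper: fail closed

def answer(line, helpers):
    """Forward the line, still escaped, to the one backend that owns the uid."""
    key = choose_backend(line)
    return helpers[key].ask(line) if key else "ERR"

if __name__ == "__main__":
    helpers = {k: Helper(cmd) for k, cmd in BACKEND_CMDS.items()}
    for request in sys.stdin:
        print(answer(request, helpers), flush=True)
```

Unlike trying the servers in turn, this never sends a user's password to the directory that does not hold the account.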