Why do you need to compile additional helpers. The standard squid_ldap_auth and squid_ldap_group helpers work fine against the SunONE Directory server 5.2. I have been using Squid 2.5 STABLE 5 since January against SunONE Directory Server 5.2. Here are some snippets from my Squid config file.
---------------------------------------------------------------
auth_param basic program /usr/lib/squid/squid_ldap_auth -h ldap_host.your_domain.org -p ldap_port -P -b o=base_ou -f "(|(uid=%s)(mail=%s))"
auth_param basic children 20
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 5 minute
external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -h ldap_host.your_domain.org -p ldap_port -P -b o=base_ou -F "(|(uid=%s)(mail=%s))" -f "(&(cn=%g)(uniquemember=%u)(objectClass=groupOfUniqueNames))"
---------------------------------------------------------------
I recently added to the LDAP query the ability to authenticate with the user's E-Mail address. This allowed for the distinguishing of duplicate users in the LDAP database. JDough of sub-company-A verses JDough of sub-company-B. The user enters their ID as [EMAIL PROTECTED]
Biggest things to watch for are DNS (/etc/hosts) resolution of the LDAP host, and your understanding of the structure of your LDAP schema. Initially I had trouble with querying the LDAP schema. I was trying to make it too complex.
No point in chasing encryption of the LDAP binds (unless you absolutely have to), currently none of the common browers support encryption for proxy challenges.
Tim
----------------------------------------------------------- Timothy E. Neto Computer Systems Engineer Komatsu Canada Limited Ph#: 905-625-6292 x265 1725B Sismet Road Fax: 905-625-6348 Mississauga, Canada E-Mail: [EMAIL PROTECTED] L4W 1P9 -----------------------------------------------------------
Lewars, Mitchell (EM, PTL) wrote:
Any tips on compiling Squid with the Sun Directory Server SDK?
We want to use the Auth_LDAP helper but we would like to use the Sun Directory Server SDK.
Thanks
Mitch
