Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
Re: [suse-security] LDAP, Novell and Squid
  • From: "Dr. Harro Rosner" <ros@xxxxxxx>
  • Date: Wed, 25 Sep 2002 17:25:30 CET-1CDT
  • Message-id: <20020925152650.50E8669D46@xxxxxxxxxxxxxxxx>

> Hi All


> Is it possible to get squid to use ldap to authenticate users via novell. I
> want it implement a squid but I want users to enter there username and
> passwords with out giving them a new set of usernames and passwords and
> confusing my minions.
>
> has any one out there done this kind of implementation yet ?
>
>
> Regards
>
> Thomas Wheeler

Hello Thomas,

we've got a similar configuration up and running as follows:

In a private LAN we have NT- and Win2k- Workstations with
Novell-Netware-Clients, getting their IP-Addresses via DHCP.

On a Suse-7.2-Linux-Box runs Squid, which is the one and only host
of the private LAN allowed to cross the Firewall with http-related
requests.

A Netware-Server with LDAP installed, translates NDS-Attributes of
our choice to LDAP.

According to our Policies only some of our users are allowed to surf
the net.

To enable these "privileged" users, we put them into a certain
NDS-group. On the squidhost every 15 Minutes runs a perlscript, which
asks the LDAP Server for a list of IP-Adresses, where members of this
group are currently logged in. This list is than formatted as an
Client-Adress-ACL for squid.

Hence users have to authenticate themselves only once to the
Netware-Server and get enabled or not - independent of their current
IP-Adresses - iff they are members of this privileged group.

If you are interested in details regarding LDAP-attributes, Versions,
above mentioned perlscript (dirty hack!) or so, please feel free to
contact me privately.
Mit freundlichen Grüßen

Dr. H. Rosner
Stadtverwaltung Jena
Hauptamt / Datenverarbeitung

Tel: 03641 49 2053
Fax: 03641 49 2222
eMail: ros@xxxxxxx

< Previous Next >
Follow Ups
References