LDAP+Squid [решено]

[kon-dv]

Доброго всем времени суток.  :)
Установил недавно Школьный сервер 4.1. По умолчанию LDAP настроен и работает сразу из коробки (что очень радует!) и пользователи добовляются через alterator. Попробовал LDAP+moodle - всё работает (я просто счастлив!). Осталось последний штрих - аутентификация в squid, используя LDAP. Попробовал вот так:

Код: [Выделить]

#       WELCOME TO SQUID 2.6.STABLE17

# OPTIONS FOR AUTHENTICATION
# -----------------------------------------------------------------------------
visible_hostname server.lan
http_port 3128

#
#Recommended minimum configuration per scheme:
#auth_param negotiate program <uncomment and complete this line to activate>
#auth_param negotiate children 5
#auth_param negotiate keep_alive on
#auth_param ntlm program <uncomment and complete this line to activate>
#auth_param ntlm children 5
#auth_param ntlm keep_alive on
#auth_param digest program <uncomment and complete this line>
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
#auth_param basic program <uncomment and complete this line>
auth_param basic children 5
auth_param basic realm Proxy-server MOU ASOSH2
auth_param basic program /usr/lib/squid/squid_ldap_auth -b ou=People,dc=office,dc=lan -f (uid=%s) -h 192.168.0.4
#auth_param basic credentialsttl 2 hours
#auth_param basic casesensitive off
#
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
#acl mynetwork src 192.168.0.0/24
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl Rsync_ports port 873
acl Jabber_ports port 5222 5223
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 563 # snews
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl local-servers dstdomain asosh2.edu terminal.asosh2.edu 172.18.194.42
acl local-servers_ip dstdomain 172.18.194.42
acl banned_sites url_regex -i dummy fake sex porno igromania trahni lovexx zaycev love heroeswm propy gta playground chemax openok r84.letitbit.net bestgamer.ru game-ost.ru game sigraem.com qiq.ru
acl CONNECT method CONNECT
acl QUERY urlpath_regex cgi-bin \?

#We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

#Default:
# cache_dir ufs /var/spool/squid 100 16 256
#cache_dir ufs /home/squid 2000 16 256

#  TAG: access_log
access_log /var/log/squid/access.log squid

#TAG: url_rewrite_program

#url_rewrite_program /usr/sbin/redirector /etc/squid/redirector/redirector.conf
#
acl apache rep_header Server ^Apache

#Suggested default:
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320

#Default:
# store_avg_object_size 13 KB
store_avg_object_size 500 MB


acl password proxy_auth REQUIRED
http_access allow manager localhost
#http_access deny banned_sites
http_access deny manager
http_access allow password
#http_access allow mynetwork
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports !Jabber_ports !Rsync_ports
http_access allow localhost
http_access deny all
cache deny QUERY
#broken_vary_encoding allow apache

#Default:
# cache_effective_user squid
cache_effective_user squid

#Default:
# cache_effective_group squid
cache_effective_group squid


# INTERNAL ICON OPTIONS
# -----------------------------------------------------------------------------

#  TAG: icon_directory
#       Where the icons are stored. These are normally kept in
#       /usr/share/squid/icons
#
#Default:
icon_directory /usr/share/squid/icons
error_directory /usr/share/squid/errors/Russian-1251
#


#Default:
# coredump_dir none
#
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid


#
#Default:
# max_filedesc 1024
always_direct allow local-servers
always_direct allow local-servers_ip
а именно:

Код: [Выделить]

auth_param basic program /usr/lib/squid/squid_ldap_auth -b ou=People,dc=office,dc=lan -f (uid=%s) -h 192.168.0.4Окно для регистрации выскакивает. Ввожу логин и пароль пользователя, созданного в Учетные записи LDAP в alterator. Сервер не принимает. Вот такая беда  :(

[ruslandh]

Не знаю, может поможет http://www.gentoo.org/doc/ru/ldap-howto.xml

[lsv]

Окно для регистрации выскакивает. Ввожу логин и пароль пользователя, созданного в Учетные записи LDAP в alterator. Сервер не принимает. Вот такая беда  :(

Проблема еще актуальна?

[kon-dv]

Я дико извиняюсь. Просто по неопытности и природной торопливости указал неверные параметры. Вместо
auth_param basic program /usr/lib/squid/squid_ldap_auth -b ou=People,dc=asosh,dc=ru -f (uid=%s) -h 192.168.0.4 указал ou=People,dc=office,dc=lan (как было показано в file:///usr/share/doc/alt-docs/modules/proxy_squid/index.html). Всё заработало. Всем спасибо  :)