CentOS 5 Squid OpenLDAP authentication
Install http and php first.
(Skipped here.)
yum install openldap* squid
vi /etc/ldap.conf
base dc=jluzh,dc=com
vi /etc/hosts
172.16.16.144 ldap.xxx.com
vi /etc/openldap/ldap.conf
BASE dc=jluzh,dc=com
URI ldap://ldap.jluzh.com
vi /etc/openldap/slapd.conf
Add the schemas:
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/misc.schema
suffix "dc=xx,dc=com"
rootdn "cn=Manager,dc=xx,dc=com"
rootpw 123456 // Plaintext password; too lazy to change it. You can set your own.
Append at the end:
access to attrs=userPassword
    by self write
    by dn="cn=Manager,dc=jluzh,dc=com" write
    by anonymous auth
    by * none
access to *
#   by * read
    by dn=".*,dc=jluzh,dc=com" write
    by self write
#   by anonymous auth
Add the following in the appropriate places in squid.conf:
auth_param basic program /usr/lib/squid/squid_ldap_auth -b "dc=xxx,dc=org" -h 172.16.16.144
acl ldapauth proxy_auth REQUIRED
http_access allow ldapauth
Manual entry
The first step is to create the DN:
# ldapadd -x -D 'cn=Manager,dc=xx,dc=com' -W
dn: dc=it,dc=com
objectClass: dcObject
objectClass: organization
dc: it
o: Corporation
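Press Ctrl+D to save.
vi base.ldif // write like following example
dn: dc=server-linux,dc=info
objectClass: dcObject
objectClass: organization
o: server-linux Organization
dc: server-linux

dn: cn=Manager, dc=server-linux,dc=info
objectClass: organizationalRole
cn: manager

dn: ou=People,dc=server-linux,dc=info
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=xx,dc=xx
objectClass: organizationalUnit
ou: Group

These can be created manually as follows.
Configure phpldapadmin
Download phpldapadmin and set it up under /var/www/html.
Copy a config.php file; you can then access it directly.
Under the dc entry, add a Simple Security Object.
Start squid and ldap, and authentication will work.
cn=Manager,dc=xx,dc=com
The password is the plaintext password from the configuration file. You can change the password hashing scheme: run slappasswd -h {md5} and copy the resulting password into the configuration file.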
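An added example, not part of the original post: the post leaves rootpw in plaintext and mentions slappasswd -h {md5}, so this Python code audits slapd.conf text for plaintext or unsalted rootpw values and builds a salted {SSHA} value, base64(SHA1(password + salt) + salt). SAMPLE_CONF and all function names are constructed for illustration.

```python
import base64, hashlib, hmac, os, re

# Constructed slapd.conf fragment, modelled on the directives shown in the post.
SAMPLE_CONF = '''suffix "dc=xx,dc=com"
rootdn "cn=Manager,dc=xx,dc=com"
rootpw 123456
'''

# Digest function and digest length for the four digest schemes handled here.
SCHEMES = {"MD5": (hashlib.md5, 16), "SMD5": (hashlib.md5, 16),
           "SHA": (hashlib.sha1, 20), "SSHA": (hashlib.sha1, 20)}

def make_ssha(password, salt=None):
    """Return an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_password(password, stored):
    """Verify a password against a stored {MD5}/{SMD5}/{SHA}/{SSHA} value."""
    m = re.match(r"\{(\w+)\}(.+)$", stored)
    if not m or m.group(1).upper() not in SCHEMES:
        raise ValueError("unsupported or plaintext value")
    algo, size = SCHEMES[m.group(1).upper()]
    raw = base64.b64decode(m.group(2))
    digest, salt = raw[:size], raw[size:]   # salt is empty for MD5 and SHA
    return hmac.compare_digest(algo(password.encode() + salt).digest(), digest)

def audit_rootpw(conf_text):
    """Return [(line_number, finding)] for each rootpw directive."""
    findings = []
    for number, line in enumerate(conf_text.splitlines(), 1):
        fields = line.split()
        # Directives start in column 0; indented lines continue the previous one.
        if len(fields) < 2 or line[0].isspace() or fields[0].lower() != "rootpw":
            continue
        m = re.match(r"\{(\w+)\}", fields[1].strip('"'))
        scheme = m.group(1).upper() if m else None
        if scheme is None:
            findings.append((number, "plaintext"))
        elif scheme in ("MD5", "SHA"):
            findings.append((number, "unsalted {%s}" % scheme))
        else:
            findings.append((number, "hashed {%s}" % scheme))
    return findings

if __name__ == "__main__":
    print(audit_rootpw(SAMPLE_CONF))
    print(make_ssha("example-password"))  # paste this value after rootpw
```

An unsalted {MD5} value is the same for every account that uses the same password, which is why the audit reports it separately from salted schemes.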