 
From: Theo Grimm (theo.grimm_at_t-online.de)
Date: Wed Sep 25 2002 - 14:01:28 CDT


    On Wednesday, 25 September 2002 22:25, Dr. Harro Rosner wrote:
    > > Hi All
    > >
    > >
    > > Is it possible to get squid to use ldap to authenticate users via novell?
    > > I want to implement a squid but I want users to enter their username and
    > > passwords without giving them a new set of usernames and passwords and
    > > confusing my minions.
    > >
    > > Has anyone out there done this kind of implementation yet?
    > >
    > >
    > > Regards
    > >
    > > Thomas Wheeler
    >
    > Hello Thomas,
    >
    > we've got a similar configuration up and running as follows:
    >
    > In a private LAN we have NT- and Win2k- Workstations with
    > Novell-Netware-Clients, getting their IP-Addresses via DHCP.
    >
    > On a Suse-7.2-Linux-Box runs Squid, which is the one and only host
    > of the private LAN allowed to cross the Firewall with http-related
    > requests.
    >
    > A Netware-Server with LDAP installed, translates NDS-Attributes of
    > our choice to LDAP.
    >
    > According to our Policies only some of our users are allowed to surf
    > the net.
    >
    > To enable these "privileged" users, we put them into a certain
    > NDS-group. On the squidhost every 15 Minutes runs a perlscript, which
    > asks the LDAP Server for a list of IP-Addresses, where members of this
    > group are currently logged in. This list is then formatted as a
    > Client-Address-ACL for squid.
    >
    > Hence users have to authenticate themselves only once to the
    > Netware-Server and get enabled or not - independent of their current
    > IP-Addresses - iff they are members of this privileged group.
    >
    > If you are interested in details regarding LDAP-attributes, Versions,
    > above mentioned perlscript (dirty hack!) or so, please feel free to
    > contact me privately.
    > Kind regards
    >
    > Dr. H. Rosner
    > Stadtverwaltung Jena
    > Hauptamt / Datenverarbeitung
    >
    > Tel: 03641 49 2053
    > Fax: 03641 49 2222
    > eMail: rosjena.de

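The last step of the setup described in the quoted message, turning the address list returned by the directory into a squid client-address ACL, as an added example in Python (not the Perl script mentioned in the post, which is not shown on this page). The LAN range, the file path and the sample addresses are assumptions; the LDAP query itself is left out because the post does not give the attributes.

```python
import ipaddress
import os
import tempfile

# Assumption: the private LAN range served by DHCP (the post does not state it).
LAN = ipaddress.ip_network("192.168.10.0/24")

# Assumed squid.conf lines that consume the generated file:
#   acl privileged src "/etc/squid/privileged_ips.acl"
#   http_access allow privileged
#   http_access deny all
# After the file changes, squid is told to re-read it with: squid -k reconfigure


def build_acl(addresses, lan=LAN):
    """Return (acl_lines, rejected) from the address strings the directory returned.

    Directory data ends up in a proxy config file, so every value is parsed
    as an IP address and must lie inside the LAN; anything else is rejected.
    """
    accepted, rejected = set(), []
    for raw in addresses:
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            rejected.append(raw)  # not an address, e.g. embedded newline or text
            continue
        if ip in lan:
            accepted.add(ip)
        else:
            rejected.append(raw)  # valid address, but not one of our clients
    return [str(ip) for ip in sorted(accepted)], rejected


def write_acl(path, lines):
    """Replace the ACL file atomically so squid never reads a partial list."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory)
    with os.fdopen(fd, "w") as handle:
        handle.write("".join(line + "\n" for line in lines))
    os.chmod(tmp, 0o644)
    os.replace(tmp, path)


if __name__ == "__main__":
    # Constructed sample of what the 15-minute directory query might return.
    sample = ["192.168.10.23", " 192.168.10.7 ", "192.168.10.23",
              "10.0.0.5", "192.168.10.9\nhttp_access allow all"]
    acl, bad = build_acl(sample)
    write_acl("privileged_ips.acl", acl)
    print("allowed:", acl, "rejected:", bad)
```

An empty result writes an empty file, so with the assumed `http_access deny all` nobody is allowed until the next successful run. Between runs, a DHCP address can pass to a different user while still on the list, so the ACL is only as fresh as the 15-minute interval.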