From 076d10379266ad8dcf7366b6f504343de4ed9d11 Mon Sep 17 00:00:00 2001 From: serassio <> Date: Sun, 6 Feb 2005 17:39:59 +0000 Subject: [PATCH] Forward port of all latest 2.5 changes --- helpers/basic_auth/LDAP/squid_ldap_auth.8 | 16 +++++++++++++++- helpers/basic_auth/LDAP/squid_ldap_auth.c | 14 +++++++++----- 2 files changed, 24 insertions(+), 6 deletions(-) diff --git a/helpers/basic_auth/LDAP/squid_ldap_auth.8 b/helpers/basic_auth/LDAP/squid_ldap_auth.8 index b8c032d179..bc6fb7bfe7 100644 --- a/helpers/basic_auth/LDAP/squid_ldap_auth.8 +++ b/helpers/basic_auth/LDAP/squid_ldap_auth.8 @@ -1,4 +1,4 @@ -.TH squid_ldap_auth 8 "17 July 2004" "Squid LDAP Auth" +.TH squid_ldap_auth 8 "14 January 2005" "Squid LDAP Auth" . .SH NAME squid_ldap_auth - Squid LDAP authentication helper @@ -13,6 +13,16 @@ squid_ldap_auth - Squid LDAP authentication helper .SH DESCRIPTION This helper allows Squid to connect to a LDAP directory to validate the user name and password of Basic HTTP authentication. +LDAP options are specified as parameters on the command line, +while the username(s) and password(s) to be checked against the +LDAP directory are specified on subsequent lines of input to the +helper, one username/password pair per line separated by a space. +.P +As expected by the basic authentication construct of Squid, after +specifying a username and password followed by a new line, this +helper will produce either OK or ERR on the following line +to show if the specified credentials are correct according to +the LDAP directory. .P The program has two major modes of operation. In the default mode of operation the users DN is constructed using the base DN and @@ -135,6 +145,10 @@ other than the default LDAP port 389. Can also be specified within the server specificiation by using servername:port syntax. . .TP +.BI -v " 2|3" +LDAP protocol version. Defaults to 2 if not specified. +. +.TP .BI -Z Use TLS encryption . 
diff --git a/helpers/basic_auth/LDAP/squid_ldap_auth.c b/helpers/basic_auth/LDAP/squid_ldap_auth.c index 5c727adf73..0fde1d17c8 100644 --- a/helpers/basic_auth/LDAP/squid_ldap_auth.c +++ b/helpers/basic_auth/LDAP/squid_ldap_auth.c @@ -32,13 +32,13 @@ * Changes: * 2005-01-07: Henrik Nordstrom * - Added some sanity checks on login names to avoid - * users bypassing equality checks by exploring the - * overly helpful match capabilities of LDAP + * users bypassing equality checks by exploring the + * overly helpful match capabilities of LDAP * 2004-07-17: Henrik Nordstrom * - Corrected non-persistent mode to only issue one - * ldap_bind per connection. + * ldap_bind per connection. * - -U option to compare the users password rather - * than binding. + * than binding. * 2004-03-01: Henrik Nordstrom * - corrected building of search filters to escape * unsafe input @@ -152,6 +152,10 @@ static int readSecret(const char *filename); /* Yuck.. we need to glue to different versions of the API */ +#ifndef LDAP_NO_ATTRS +#define LDAP_NO_ATTRS "1.1" +#endif + #if defined(LDAP_API_VERSION) && LDAP_API_VERSION > 1823 static int squid_ldap_errno(LDAP * ld) @@ -635,7 +639,7 @@ checkLDAP(LDAP * persistent_ld, const char *userid, const char *password, const LDAPMessage *res = NULL; LDAPMessage *entry; char *searchattr[] = - {NULL}; + {LDAP_NO_ATTRS, NULL}; char *userdn; int rc; LDAP *search_ld = persistent_ld; -- 2.47.2
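Review bot: The fallback `#define LDAP_NO_ATTRS "1.1"` in the `@@ -152,6 +152,10 @@` hunk is a magic string with no explanation, and the same gap shows at `char *searchattr[] = {LDAP_NO_ATTRS, NULL};` in the `checkLDAP` hunk. "1.1" is the LDAP attribute selector that asks the server to return no attributes, whereas the previous `{NULL}` list presumably requested every attribute the search identity may read. That data-minimisation intent is worth recording in the code. I would add `/* "1.1": LDAP selector for "no attributes"; fallback for SDK headers that lack the macro */` above the `#ifndef`, and `/* only the DN is needed from this search, so request no attributes */` above `searchattr`. The second comment assumes the result is used only to obtain `userdn`; `checkLDAP` continues outside the hunk, so confirm that nothing later reads an attribute from `entry`.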