From 428744a1d5b810997c1b1f38ac3c79b152c494e6 Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Fri, 2 Oct 2009 17:35:07 +1300 Subject: [PATCH] Helpers: Upgrade squid_ldap_auth / basic_ldap_auth - Rename to basic_ldap_auth - C++ build with link to libcompat - Add OPTIONS section to man(8) page - Tweak libldap and liblber configure naming convention. TODO: check that removal of miscellaneous libraries (XTRA_LIBS) has not removed anything important to this helper. If so add back the individual library needed, not the whole lot. --- configure.in | 18 ++++++------- doc/release-notes/release-3.2.sgml | 1 + helpers/basic_auth/LDAP/Makefile.am | 27 +++++-------------- .../{squid_ldap_auth.8 => basic_ldap_auth.8} | 24 +++++++++-------- .../{squid_ldap_auth.c => basic_ldap_auth.cc} | 0 helpers/basic_auth/Makefile.am | 22 ++++++++++----- helpers/digest_auth/eDirectory/Makefile.am | 4 +-- helpers/digest_auth/ldap/Makefile.am | 4 +-- helpers/external_acl/ldap_group/Makefile.am | 4 +-- 9 files changed, 52 insertions(+), 52 deletions(-) rename helpers/basic_auth/LDAP/{squid_ldap_auth.8 => basic_ldap_auth.8} (92%) rename helpers/basic_auth/LDAP/{squid_ldap_auth.c => basic_ldap_auth.cc} (100%) diff --git a/configure.in b/configure.in index a0b3b64f44..9eaa5deba1 100644 --- a/configure.in +++ b/configure.in @@ -3034,17 +3034,17 @@ dnl On MinGW OpenLDAP is not available, so LDAP helpers can be linked dnl only with Windows LDAP libraries using -lwldap32 case "$host_os" in mingw|mingw32) - LIB_LDAP="-lwldap32" - LIB_LBER="" - ;; + LDAPLIB="-lwldap32" + LBERLIB="" + ;; *) - LIB_LDAP="-lldap" - dnl LDAP helpers need to know if -llber is needed or not - AC_CHECK_LIB(lber, main, [LIB_LBER="-llber"]) - ;; + LDAPLIB="-lldap" + dnl LDAP helpers need to know if -llber is needed or not + AC_CHECK_LIB(lber, main, [LBERLIB="-llber"]) + ;; esac -AC_SUBST(LIB_LDAP) -AC_SUBST(LIB_LBER) +AC_SUBST(LDAPLIB) +AC_SUBST(LBERLIB) dnl Check for libdb DBLIB= diff --git a/doc/release-notes/release-3.2.sgml b/doc/release-notes/release-3.2.sgml index 920ef83ef8..f5f13606ae 100644 --- a/doc/release-notes/release-3.2.sgml +++ b/doc/release-notes/release-3.2.sgml @@ -54,6 +54,7 @@ Most user-facing changes are reflected in squid.conf (see below). squid_db_auth - basic_db_auth - Retrieve authentication details from a simple SQL database table. getpwnam_auth - basic_getpwname_auth - Authenticate with local system user accounts. + squid_ldap_auth - basic_ldap_auth - Authenticate with LDAP user accounts. Digest Authentication protocol helpers diff --git a/helpers/basic_auth/LDAP/Makefile.am b/helpers/basic_auth/LDAP/Makefile.am index 11af8a29af..9c3eda7de0 100644 --- a/helpers/basic_auth/LDAP/Makefile.am +++ b/helpers/basic_auth/LDAP/Makefile.am @@ -1,24 +1,11 @@ -# -# Makefile for the Squid LDAP authentication helper -# -# $Id$ -# -# Uncomment and customize the following to suit your needs: -# - include $(top_srcdir)/src/Common.am -libexec_PROGRAMS = squid_ldap_auth -man_MANS = squid_ldap_auth.8 -EXTRA_DIST = squid_ldap_auth.8 -squid_ldap_auth_SOURCES = squid_ldap_auth.c +libexec_PROGRAMS = basic_ldap_auth +man_MANS = basic_ldap_auth.8 +EXTRA_DIST = basic_ldap_auth.8 +basic_ldap_auth_SOURCES = basic_ldap_auth.cc LDADD = \ - $(top_builddir)/compat/libcompat.la \ - -L$(top_builddir)/lib -lmiscutil \ - $(LIB_LDAP) \ - $(LIB_LBER) \ - $(XTRA_LIBS) - -## we need our local files too (but avoid -I. at all costs) -INCLUDES += -I$(srcdir) + $(COMPAT_LIB) \ + @LDAPLIB@ \ + @LBERLIB@ diff --git a/helpers/basic_auth/LDAP/squid_ldap_auth.8 b/helpers/basic_auth/LDAP/basic_ldap_auth.8 similarity index 92% rename from helpers/basic_auth/LDAP/squid_ldap_auth.8 rename to helpers/basic_auth/LDAP/basic_ldap_auth.8 index 561e4be680..e86f084f95 100644 --- a/helpers/basic_auth/LDAP/squid_ldap_auth.8 +++ b/helpers/basic_auth/LDAP/basic_ldap_auth.8 @@ -1,13 +1,13 @@ -.TH squid_ldap_auth 8 "14 January 2005" "Squid LDAP Auth" +.TH basic_ldap_auth 8 "14 January 2005" "Squid LDAP Auth" . .SH NAME -squid_ldap_auth - Squid LDAP authentication helper +basic_ldap_auth - LDAP authentication helper for Squid . .SH SYNOPSIS -.B squid_ldap_auth +.B basic_ldap_auth -b "base DN" [-u attribute] [options] [ldap_server_name[:port]|URI]... .br -.B squid_ldap_auth +.B basic_ldap_auth -b "base DN" -f "LDAP search filter" [options] [ldap_server_name[:port]|URI]... . .SH DESCRIPTION @@ -29,6 +29,8 @@ of operation the users DN is constructed using the base DN and user attribute. In the other mode of operation a search filter is used to locate valid user DN's below the base DN. . +.SH OPTIONS +. .TP .BI "-b " "basedn " (REQUIRED) Specifies the base DN under which the users are located. @@ -175,43 +177,43 @@ For directories using the RFC2307 layout with a single domain, all you need to specify is usually the base DN under where your users are located and the server name: .IP -squid_ldap_auth -b "ou=people,dc=your,dc=domain" ldapserver +basic_ldap_auth -b "ou=people,dc=your,dc=domain" ldapserver .P If you have sub-domains then you need to use a search filter approach to locate your user DNs as these can no longer be constructed direcly from the base DN and login name alone: .IP -squid_ldap_auth -b "dc=your,dc=domain" -f "uid=%s" ldapserver +basic_ldap_auth -b "dc=your,dc=domain" -f "uid=%s" ldapserver .P And similarily if you only want to allow access to users having a specific attribute .IP -squid_ldap_auth -b "dc=your,dc=domain" -f "(&(uid=%s)(specialattribute=value))" ldapserver +basic_ldap_auth -b "dc=your,dc=domain" -f "(&(uid=%s)(specialattribute=value))" ldapserver .P Or if the user attribute of the user DN is "cn" instead of "uid" and you do not want to have to search for the users then you could use something like the following example for Active Directory: .IP -squid_ldap_auth -u cn -b "cn=Users,dc=your,dc=domain" ldapserver +basic_ldap_auth -u cn -b "cn=Users,dc=your,dc=domain" ldapserver .P If you want to search for the user DN and your directory does not allow anonymous searches then you must also use the -D and -w flags to specify a user DN and password to log in as to perform the searches, as in the following complex Active Directory example .IP -squid_ldap_auth -P -R -b "dc=your,dc=domain" -D "cn=squid,cn=users,dc=your,dc=domain" -w "secretsquidpassword" -f "(&(userPrincipalName=%s)(objectClass=Person))" activedirectoryserver +basic_ldap_auth -P -R -b "dc=your,dc=domain" -D "cn=squid,cn=users,dc=your,dc=domain" -w "secretsquidpassword" -f "(&(userPrincipalName=%s)(objectClass=Person))" activedirectoryserver . .SH NOTES . When constructing search filters it is strongly recommended to test the filter -using ldapsearch before you attempt to use squid_ldap_auth. This to verify +using ldapsearch before you attempt to use basic_ldap_auth. This to verify that the filter matches what you expect. . .SH AUTHOR This manual page was written by .I Henrik Nordstrom .P -squid_ldap_auth is written by +basic_ldap_auth is written by .I Glenn Newton and .I Henrik Nordstrom diff --git a/helpers/basic_auth/LDAP/squid_ldap_auth.c b/helpers/basic_auth/LDAP/basic_ldap_auth.cc similarity index 100% rename from helpers/basic_auth/LDAP/squid_ldap_auth.c rename to helpers/basic_auth/LDAP/basic_ldap_auth.cc diff --git a/helpers/basic_auth/Makefile.am b/helpers/basic_auth/Makefile.am index 742720e7f2..2a5e09e919 100644 --- a/helpers/basic_auth/Makefile.am +++ b/helpers/basic_auth/Makefile.am @@ -1,7 +1,17 @@ -# Makefile for storage modules in the Squid Object Cache server -# -# $Id$ -# +## Alphabetical list of sub-directories to distribute with Squid: +DIST_SUBDIRS = \ + DB \ + getpwnam \ + LDAP \ + MSNT \ + mswin_sspi \ + multi-domain-NTLM \ + NCSA \ + PAM \ + POP3 \ + squid_radius_auth \ + SASL \ + SMB \ + YP -DIST_SUBDIRS = getpwnam LDAP MSNT multi-domain-NTLM NCSA PAM SMB YP SASL mswin_sspi POP3 DB squid_radius_auth -SUBDIRS = @BASIC_AUTH_HELPERS@ +SUBDIRS = @BASIC_AUTH_HELPERS@ diff --git a/helpers/digest_auth/eDirectory/Makefile.am b/helpers/digest_auth/eDirectory/Makefile.am index 82af4fe443..ce63875874 100644 --- a/helpers/digest_auth/eDirectory/Makefile.am +++ b/helpers/digest_auth/eDirectory/Makefile.am @@ -23,8 +23,8 @@ digest_edir_auth_SOURCES = digest_pw_auth.c \ LDADD = \ $(top_builddir)/compat/libcompat.la \ -L$(top_builddir)/lib -lmiscutil \ - $(LIB_LDAP) \ - $(LIB_LBER) \ + @LDAPLIB@ \ + @LBERLIB@ \ $(CRYPTLIB) \ $(XTRA_LIBS) \ $(SSLLIB) diff --git a/helpers/digest_auth/ldap/Makefile.am b/helpers/digest_auth/ldap/Makefile.am index 7d57e771dd..c306ffb25d 100644 --- a/helpers/digest_auth/ldap/Makefile.am +++ b/helpers/digest_auth/ldap/Makefile.am @@ -21,8 +21,8 @@ digest_ldap_auth_SOURCES = digest_pw_auth.c \ LDADD = \ $(top_builddir)/compat/libcompat.la \ -L$(top_builddir)/lib -lmiscutil \ - $(LIB_LDAP) \ - $(LIB_LBER) \ + @LDAPLIB@ \ + @LBERLIB@ \ $(CRYPTLIB) \ $(XTRA_LIBS) \ $(SSLLIB) diff --git a/helpers/external_acl/ldap_group/Makefile.am b/helpers/external_acl/ldap_group/Makefile.am index 8ce92a39ce..08c2fc84e6 100644 --- a/helpers/external_acl/ldap_group/Makefile.am +++ b/helpers/external_acl/ldap_group/Makefile.am @@ -20,6 +20,6 @@ squid_ldap_group_SOURCES = squid_ldap_group.c LDADD = \ $(top_builddir)/compat/libcompat.la \ -L$(top_builddir)/lib -lmiscutil \ - $(LIB_LDAP) \ - $(LIB_LBER) \ + @LDAPLIB@ \ + @LBERLIB@ \ @XTRA_LIBS@ -- 2.47.2