Help with script for SQUID and LDAP

rcbandit
New User

May 8, 2009, 1:56 PM

Post #1 of 2 (1241 views)
Help with script for SQUID and LDAP

Hi,
I am working on a hobby project: a billing system for squid and PHP.
My idea is to control the traffic with squid. I will use a PHP program which will pass IPs to an LDAP program, and the squid server will read from LDAP every time a packet passes and check its IP address.
The problem is that I need to force squid to read IPs from LDAP.
I found some info on this page: http://www.stress-free.co.nz/transparent_squid_authentication_to_edirectory
As you see, squid reads IPs from eDirectory. I need it to read from LDAP.
Can you help me rewrite the script to read SQUID IPs from LDAP and, if they match the IP from the packet, have squid block the access?

#!/usr/bin/perl
use Net::LDAP;
use Net::LDAP::LDIF;
use File::Path qw(rmtree);
use File::Basename qw(basename);

$HOST   = 'your.edirectory.server';
$PORT   = 389;
$ADMIN  = "cn=squid,ou=tech,o=company";
$PASSWD = "squidpassword";
$BASEDN = "o=company";
@SITES  = qw(ou=groups);

$| = 1;    # unbuffered output: squid waits for each reply line

START: while (<>) {

    # squid sends one request per line: "<client IP> <group name>"
    ($IP, $GROUP) = split(/ /, $_);
    # $SITE =~ tr/\n//d;
    $GROUP =~ tr/\n//d;
    $group_filter_string = "";
    for $site (@SITES) {
        $group_filter_string = $group_filter_string . "(groupMembership=cn=$GROUP,${site},$BASEDN)";
    }

    # eDirectory networkAddress syntax: "1#" (TCP) followed by the four address bytes
    $netaddress = "1\#";
    @octets = split(/\./, $IP);
    foreach $octet (@octets) {
        # The IP address is stored in eDirectory as four unsigned chars. ASCII 40, 41, 42 and
        # 92 are the characters ( ) * \ which are known tokens in LDAP search filters. If you don't
        # escape these with a backslash they will cause LDAP errors and the script will fail.
        if ((($octet >= 40) && ($octet <= 42)) || ($octet == 92)) {
            $netaddress = $netaddress . sprintf("\\%c", $octet);
        } else {
            $netaddress = $netaddress . sprintf("%c", $octet);
        }
    }
    $filter   = "(&(objectclass=user)(|$group_filter_string)(networkAddress=$netaddress))";
    $attnames = ['CN'];

    # connect to the server (retry up to 10 times, then give up)
    $retries = 0;
    until ($ldap = Net::LDAP->new($HOST, port => $PORT)) {
        die "Can not connect to ldap://$HOST:$PORT/" if ++$retries > 10;
        sleep 1;
    }

    # do not send the bind password in clear if STARTTLS was refused
    $r = $ldap->start_tls();
    die $r->error if $r->code;

    $r = $ldap->bind($ADMIN, password => $PASSWD, version => 2);
    die $r->error if $r->code;

    $r = $ldap->search(base   => $BASEDN,
                       scope  => 'sub',
                       filter => $filter,
                       attrs  => $attnames);

    $count = $r->count;
    if ($count == 0) {
        print "ERR\n";
    } else {
        foreach my $entry ($r->entries) {
            my @values = $entry->get_value('CN');
            foreach $value (@values) {
                # Many users in eDirectory have multiple CN values - usually from the user template
                # used to create them - sometimes their maiden name is noted in the Other Name
                # attribute in ConsoleOne. We want to report the proper CN to squid, not these bogus
                # values.
                if ($value =~ m/template|previously/i) {
                    next;
                } else {
                    $value =~ tr/- //d;
                    print "OK user=$value\n";
                    $ldap->unbind;    # close this connection before taking the next request
                    next START;
                }
            }
        }
        # every CN was a template/previous-name value: squid still needs exactly one reply line
        print "ERR\n";
    }
    $ldap->unbind;
}


(This post was edited by rcbandit on May 8, 2009, 1:56 PM)
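A generic-LDAP version of the helper the question asks for, added here as an example (it is not the poster's code nor the linked page's): it assumes an OpenLDAP-style directory where each blocked client is stored as an RFC 2307 ipHost entry with its address in ipHostNumber under ou=blocked, and the host, bind DN and password are placeholders.

```perl
#!/usr/bin/perl
# Added example (not the original poster's code): Squid external ACL helper
# that answers OK when the client IP is listed in LDAP and ERR otherwise.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Assumed directory details: adjust for your own server and schema.
my $HOST   = 'ldap.example.com';
my $BINDDN = 'cn=squid,ou=services,dc=example,dc=com';
my $PASSWD = 'squidpassword';
my $BASEDN = 'ou=blocked,dc=example,dc=com';   # one ipHost entry per blocked IP

$| = 1;    # unbuffered: squid waits until it sees each reply line

# Bind once and keep the connection; the helper is long-lived. Refuse to
# send the bind password unless STARTTLS succeeded with a verified cert.
sub connect_ldap {
    my $ldap = Net::LDAP->new($HOST, version => 3) or die "connect: $@";
    my $r = $ldap->start_tls(verify => 'require');
    die 'start_tls: ' . $r->error if $r->code;
    $r = $ldap->bind($BINDDN, password => $PASSWD);
    die 'bind: ' . $r->error if $r->code;
    return $ldap;
}

# The IP comes from squid's %SRC, but escape it per RFC 4515 anyway so no
# input line can change the meaning of the filter.
sub ip_filter {
    my ($ip) = @_;
    return '(&(objectClass=ipHost)(ipHostNumber=' . escape_filter_value($ip) . '))';
}

my $ldap = connect_ldap();
while (my $line = <STDIN>) {
    chomp $line;
    my ($ip) = split / /, $line;
    if ($ip !~ /^\d{1,3}(?:\.\d{1,3}){3}$/) { print "ERR\n"; next; }
    my $r = $ldap->search(base => $BASEDN, scope => 'one',
                          filter => ip_filter($ip), attrs => ['cn']);
    if ($r->code) {
        # Lookup failed (connection dropped?): answer ERR, i.e. "not listed",
        # so a directory outage does not block everyone, then reconnect.
        print "ERR\n";
        $ldap = eval { connect_ldap() } || $ldap;
        next;
    }
    print $r->count ? "OK\n" : "ERR\n";
}
```

Wire it into squid.conf with three lines: external_acl_type ldapip %SRC /usr/local/bin/squid_ldap_ip.pl, then acl blocked external ldapip, then http_access deny blocked, so a listed address is denied and everything else falls through to the remaining rules.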


1arryb
User

May 19, 2009, 11:45 AM

Post #2 of 2 (1179 views)
Re: [rcbandit] Help with script for SQUID and LDAP [In reply to]

Hi rcbandit,

I suggest you start by googling 'squid ldap ip'.

Cheers,

Larry
