Help with script for SQUID and LDAP


New User

May 8, 2009, 1:56 PM

Post #1 of 2 (1976 views)

I am working on a hobby project for a billing system for squid and PHP.
My idea is to control the traffic with squid. I will use a PHP program which will pass IPs to an LDAP program, and the squid server will read from LDAP every time a packet passes and check its IP address.
The problem is that I need to force squid to read IPs from LDAP.
I found some info on that page
As you see squid reads IPs from eDirectory. I need it to read from LDAP.
Can you help rewrite the script to read SQUID IPs from LDAP and, if they match the IP from the packet, have squid block the access?

use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::LDIF;
use File::Path qw(rmtree);
use File::Basename qw(basename);

$| = 1;    # Squid reads helper replies line by line, so do not buffer output

my $HOST   = 'your.edirectory.server';
my $PORT   = 389;
my $ADMIN  = "cn=squid,ou=tech,o=company";
my $PASSWD = "squidpassword";
my $BASEDN = "o=company";
my @SITES  = qw(ou=groups);

START: while (<>) {
    chomp;
    my ($IP, $GROUP) = split(/ /, $_);

    for my $site (@SITES) {
        my $netaddress = "1#";
        foreach my $octet (split(/\./, $IP)) {
            # The IP address is stored in eDirectory as four unsigned chars. ASCII 40, 41, 42 and
            # 92 are the characters ( ) * \ which are known tokens in LDAP search filters. If you
            # don't escape these with a backslash they will cause LDAP errors and the script will fail.
            if ((($octet >= 40) && ($octet <= 42)) || ($octet == 92)) {
                $netaddress .= sprintf("\\%c", $octet);
            } else {
                $netaddress .= sprintf("%c", $octet);
            }
        }

        # The posted script never assigns $filter or $attnames. The two lines below are an
        # assumption: match on eDirectory's networkAddress attribute and return cn.
        # $GROUP and $site are parsed above but are not used in the lines that were posted.
        my $filter   = "(networkAddress=$netaddress)";
        my $attnames = ['cn'];

        # Connect to the server, retrying for up to ten seconds
        my $ldap;
        my $tries = 0;
        until ($ldap = Net::LDAP->new($HOST, port => $PORT)) {
            die "Can not connect to ldap://$HOST:$PORT/" if ++$tries > 10;
            sleep 1;
        }

        # Stop if StartTLS fails, otherwise the bind password below goes out in clear text.
        # Pass verify => 'require' plus cafile or capath here to validate the server certificate.
        my $r = $ldap->start_tls();
        die $r->error if $r->code;

        # StartTLS is an LDAPv3 operation, so bind as version 3 (the posted script used 2)
        $r = $ldap->bind($ADMIN, password => $PASSWD, version => 3);
        die $r->error if $r->code;

        $r = $ldap->search(base   => $BASEDN,
                           scope  => 'sub',
                           filter => $filter,
                           attrs  => $attnames);

        foreach my $entry ($r->entries) {
            foreach my $value ($entry->get_value('cn')) {
                # Many users in eDirectory have multiple CN values - usually from the user template
                # used to create them - sometimes their maiden name is noted in the Other Name
                # attribute in ConsoleOne. We want to report the proper CN to squid, not these bogus
                # values.
                next if $value =~ m/template|previously/i;
                $value =~ tr/- //d;
                print "OK user=$value\n";
                $ldap->unbind;
                next START;
            }
        }
        $ldap->unbind;
    }

    # No usable entry at any site: give Squid exactly one answer for this request
    print "ERR\n";
}

(This post was edited by rcbandit on May 8, 2009, 1:56 PM)
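
Added example, not part of the original post or of the script it quotes: the filter-building step on its own, with strict validation of the helper's input line, showing the eDirectory filter beside a plain-LDAP one for the same address. It assumes the plain directory stores addresses as dotted-quad text in the RFC 2307 ipHostNumber attribute; the function names and the sample lines are made up for illustration.

```perl
use strict;
use warnings;

# Return the four octets of the first token on a helper input line
# ("IP GROUP"), or an empty list unless it is a strict dotted-quad IPv4.
sub parse_ip {
    my ($line) = @_;
    my ($ip) = split ' ', $line;
    return unless defined $ip;
    my @octets = $ip =~ /\A([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\z/
        or return;
    return if grep { $_ > 255 } @octets;
    return map { $_ + 0 } @octets;    # normalise "010" to 10
}

# eDirectory form used by the posted script: "1#" followed by the four
# raw address bytes. RFC 4515 lets any byte be written as backslash plus
# two hex digits, so ( ) * \ and NUL need no special-casing.
sub edir_filter {
    my @octets = @_;
    return '(networkAddress=1#'
         . join('', map { sprintf('\\%02x', $_) } @octets) . ')';
}

# Plain-LDAP form. Assumption: the address is stored as text in
# ipHostNumber; substitute the attribute your own schema uses.
sub text_filter {
    my @octets = @_;
    return '(ipHostNumber=' . join('.', @octets) . ')';
}

# Constructed sample lines, in the "IP GROUP" shape the script reads.
for my $line ("192.168.1.40 staff\n", "10.0.92.42 staff\n",
              "10.0.0.1)(cn=* staff\n", "999.1.1.1 staff\n") {
    chomp(my $shown = $line);
    my @octets = parse_ip($line);
    if (@octets) {
        printf "%-22s %s  %s\n", $shown,
            edir_filter(@octets), text_filter(@octets);
    } else {
        # Never interpolate an unvalidated token into a filter.
        printf "%-22s rejected, answer ERR\n", $shown;
    }
}
```

Because the text form is only built from validated numeric octets, nothing from the input line reaches the filter unchecked.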


May 19, 2009, 11:45 AM

Post #2 of 2 (1914 views)
Re: [rcbandit] Help with script for SQUID and LDAP

Hi rcbandit,

I suggest you start by googling 'squid ldap ip'.



