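Earlier posts covered the configuration of OpenLDAP, extmail and dovecot.
Now I have also installed squid on the same machine, authenticating against OpenLDAP.
The configuration is as follows: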
Squid Setup
./configure --prefix=/usr/local/squid --enable-basic-auth-helpers=LDAP
make all && make install
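# Create the cache directories
/usr/local/squid/sbin/squid -z
# Debug run in the foreground; when all is well you will see "Ready to serve requests."
/usr/local/squid/sbin/squid -NCd1
basic_ldap_auth -b "dc=test.com" -w bian -f "(&(objectClass=extmailUser)(mail=%s)(active=1))"
# Enter the mailbox address, a space, then the password to test; if it prints OK, everything is fine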
chown -R nobody var
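The squid.conf configuration is as follows:
- #-----------------------------
- auth_param basic program /usr/local/squid/libexec/basic_ldap_auth -b "dc=test.com" -w bian -f "(&(objectClass=extmailUser)(mail=%s)(active=1))"
- acl ldapauth proxy_auth REQUIRED
- # Maximum number of auth helper processes, number started at startup, number kept idle
- auth_param basic children 5 startup=0 idle=1
- # Realm text shown in the browser's username/password dialog
- auth_param basic realm OTNET Squid Test
- # How long a successful authentication stays valid
- auth_param basic credentialsttl 2 hours
- # The ACL name here must match the one defined by the acl line above
- http_access allow ldapauth
- http_access deny all
- # Amount of memory used for caching
- cache_mem 64 MB
- # Largest object that will be cached
- maximum_object_size 4096 KB
- # ufs: cache storage format, directory, size in MB, first-level subdirectories, second-level subdirectories
- cache_dir ufs /usr/local/squid/var/cache 100 16 256
- #-----------------------------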
The LDAP query parameters in particular took me quite a while to get right...
Writing it down here for the record!
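The following Python example is added here and is not part of the original post or of Squid. It models the helper test described above: a `login password` line goes in, the `%s` in the page's filter is replaced by the escaped login, and `OK` or `ERR` comes out. The directory entries, passwords and function names are constructed for illustration, and a plain password comparison stands in for the LDAP bind that the real helper performs.

```python
import re
from urllib.parse import unquote

# Filter template copied from the auth_param line on this page.
FILTER = "(&(objectClass=extmailUser)(mail=%s)(active=1))"

# Constructed sample entries (assumption, not data from the original post).
DIRECTORY = [
    {"objectClass": "extmailUser", "mail": "alice@test.com",
     "active": "1", "userPassword": "s3cret"},
    {"objectClass": "extmailUser", "mail": "bob@test.com",
     "active": "0", "userPassword": "hunter2"},
]

def escape_filter_value(value):
    """Escape RFC 4515 special characters so the login stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def expand_filter(login):
    """Substitute the escaped login for %s, as the -f option describes."""
    return FILTER.replace("%s", escape_filter_value(login))

def search(filter_text):
    """Evaluate a flat (&(attr=value)...) filter against DIRECTORY."""
    clauses = re.findall(
        r"\(([A-Za-z]+)=((?:[^()\\]|\\[0-9a-f]{2})*)\)", filter_text)
    def literal(v):
        # Turn \xx escapes back into the characters they stand for.
        return re.sub(r"\\([0-9a-f]{2})",
                      lambda m: chr(int(m.group(1), 16)), v)
    return [e for e in DIRECTORY
            if all(e.get(attr) == literal(val) for attr, val in clauses)]

def handle_line(line):
    """One helper request: 'login password' (URL-encoded) -> 'OK' or 'ERR'."""
    parts = line.strip().split(" ", 1)
    if len(parts) != 2:
        return "ERR"
    login, password = (unquote(p) for p in parts)
    matches = search(expand_filter(login))
    # Require exactly one entry and a non-empty password: an empty-password
    # LDAP simple bind is an unauthenticated bind, not a credential check.
    if len(matches) == 1 and password and matches[0]["userPassword"] == password:
        return "OK"
    return "ERR"
```

The `active=1` clause is what keeps a disabled mailbox from using the proxy even when its password is correct, and the escaping is what keeps a login containing `*` or parentheses from changing the meaning of the filter.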
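Here is a script for restarting Squid:
- #!/bin/bash
- # squid clean swap and restart script
- SQUID_DIR=/usr/local/squid/
- CACHE_DIR=${SQUID_DIR}var/cache
- # killproc and daemon come from the init script function library
- . /etc/init.d/functions
- killproc "${SQUID_DIR}sbin/squid"
- # :? aborts if CACHE_DIR is empty, so this can never expand to "rm -rf /*"
- rm -rf "${CACHE_DIR:?}"/*
- # Recreate the cache directories, then start squid only if that succeeded
- "${SQUID_DIR}sbin/squid" -z >/dev/null 2>&1
- if [ $? -eq 0 ]
- then
- daemon "${SQUID_DIR}sbin/squid"
- fi
- exit $?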