Integrating LDAP with e2guardian.


Kleber Carvalho

Jan 22, 2018, 5:37:57 AM
to e2guardian
Hello,

I am searching for how to integrate LDAP with e2guardian and until now have found no topic about that. Has anyone already had this need?
My real need is to integrate and use permissions by group through LDAP.

Regards.

Renato C. Pacheco

Jan 22, 2018, 7:52:58 AM
to e2guardian
At my company, I use LDAP to authenticate all of my users in Squid. E2guardian just bypasses this authentication, doing the filtering before delivering to Squid... Does that help?

--
You received this message because you are subscribed to the Google Groups "e2guardian" group.
To unsubscribe from this group and stop receiving emails from it, send an email to e2guardian+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


--

Renato Carneiro Pacheco
Postgraduate degree in Computer Network Security
Bachelor's degree in Communication Networks

http://br.linkedin.com/pub/renato-pacheco/9/b1/5a8
https://www.facebook.com/renatocarneirop

Kleber Carvalho

Jan 22, 2018, 7:59:27 AM
to Renato C. Pacheco, e2guardian
Thank you Renato,

Yeah, that is... Could you share this idea with me? Are you filtering by range?
In another environment I already have E2guardian with a filter, but now I need to integrate it with my LDAP.

Thanks again.




--
Kleber da Silva Carvalho
Certified Professional.

CCNA R&S  |  CCNA Security  |  CCNP Security  |  LPIC-1  |  LPIC-2  |  LPIC-3  |   LPIC-3 303  Novell CLA 11  |  Novell DCTS  |  ITIL v3  |  COBIT 4.1

FredB

Jan 22, 2018, 8:02:25 AM
to e2guardian
You can use a simple script:

- Regularly extract the users from LDAP to a plain text file (johndoe=filter2)
- Just reload e2guardian -> version 4.x

Kleber Carvalho

Jan 22, 2018, 8:08:56 AM
to FredB, e2guardian
Thanks FredB,

Can I do it just with users? I'd like an option to do it by group too.

Thanks again.



Renato C. Pacheco

Jan 22, 2018, 8:10:36 AM
to e2guardian
Kleber, it's simple! To filter in LDAP, you could just use an LDAP filter in the Squid configuration. Look at this example below:

auth_param basic program /usr/lib/squid3/basic_ldap_auth -b ou=users,dc=major,dc=company,dc=com -h 127.0.0.1 -p 389 -s sub -v 3 -f "(&(uid=%s)(!(uid=johndoe)))"

In this case, all users can authenticate, except johndoe. You can create other filters, following the examples below:

https://www.ibm.com/support/knowledgecenter/SSYJ99_8.5.0/admin-system/rbug_ldapfltrxprns.html


schr...@gmail.com

Jun 7, 2018, 11:05:29 AM
to e2guardian

What kind of script are you using?
I have the same need. My users are authenticated in Squid with Kerberos/NTLM, and Squid is asking LDAP to check the groups. ACLs can be created for those LDAP groups.

But how can I re-use these LDAP groups in E2Guardian? Not users, groups.

Help :o)

Renato C. Pacheco

Jun 7, 2018, 12:39:20 PM
to e2guardian

FredB

Jun 29, 2018, 5:18:28 AM
to e2gua...@googlegroups.com
E.g., ugly script ...

Five groups in LDAP

#!/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
#set -vx

LDAP_HOSTNAME=127.0.0.1
LDAP_PORT=389
LDAP_BINDDN="dc=ldap,dc=myorg"
LDAP_AUTH="-x"
GROUP_SEARCH="groupOfUniqueNames"
USER_SEARCH="uniqueMember"
OUTPUT_DIR="/etc/e2guardian/lists/"
OUTPUT="/etc/e2guardian/lists/groups"
group="group"
group1="group1"
group2="group2"
group3="group3"
group4="group4"
group5="group5"
count="1"
# Max group
max="6"

# Process group1 .. group5 ($max is one more than the last group number)
while [ $count -ne $max ]
do
    # Query the members of cn=group$count and keep only the value of the
    # first RDN of each member DN (the user name), one per line
    ldapsearch -h $LDAP_HOSTNAME -b $LDAP_BINDDN -p $LDAP_PORT -x \
        "cn=group$count" $USER_SEARCH | grep -i ^$USER_SEARCH | cut -d '=' -f 2 \
        | cut -d ',' -f 1 > $OUTPUT_DIR$group$count

    # group1 creates the combined list (>), the following groups append (>>)
    if [ "$group$count" = "$group1" ]
        then
        sed -i 's/$/=filter1/' $OUTPUT_DIR$group$count
        more $OUTPUT_DIR$group$count > $OUTPUT
        logger group$count Ok
    fi

    if [ "$group$count" = "$group2" ]
        then
        sed -i 's/$/=filter2/' $OUTPUT_DIR$group$count
        more $OUTPUT_DIR$group$count >> $OUTPUT
        logger group$count Ok
    fi

    if [ "$group$count" = "$group3" ]
        then
        sed -i 's/$/=filter3/' $OUTPUT_DIR$group$count
        more $OUTPUT_DIR$group$count >> $OUTPUT
        logger group$count Ok
    fi

    if [ "$group$count" = "$group4" ]
        then
        sed -i 's/$/=filter4/' $OUTPUT_DIR$group$count
        more $OUTPUT_DIR$group$count >> $OUTPUT
        logger group$count Ok
    fi

    if [ "$group$count" = "$group5" ]
        then
        sed -i 's/$/=filter5/' $OUTPUT_DIR$group$count
        more $OUTPUT_DIR$group$count >> $OUTPUT
        logger group$count Ok
    fi
    count=$(($count + 1))
done
service e2guardian restart
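
A more defensive way to produce the same johndoe=filter2 style list, as an added example that is not FredB's code or part of e2guardian: it parses the ldapsearch LDIF (folded lines and base64 `uniqueMember::` values included), rejects names that do not fit the list format, and keeps the previous list when the result is empty. The function names, the allowed user-name characters and the sample LDIF are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical helpers (added example): LDIF on stdin -> "user=filterN" lines.
# $1 = filter group number.
ldif_members_to_list() {
    # awk unfolds wrapped LDIF lines (continuations start with one space) and
    # keeps what follows "uniqueMember:" (attribute names are case-insensitive).
    awk '
        function emit() { if (tolower(buf) ~ /^uniquemember:/) print substr(buf, 14) }
        /^ / { buf = buf substr($0, 2); next }
        { emit(); buf = $0 }
        END { emit() }
    ' | while IFS= read -r rest; do
        case $rest in
            :*) # "uniqueMember:: ..." carries a base64-encoded value
                value=$(printf '%s' "${rest#:}" | tr -d ' ' | base64 -d 2>/dev/null) || continue ;;
            *)  value=${rest# } ;;
        esac
        user=${value#*=}    # drop the attribute type of the first RDN ("uid=")
        user=${user%%,*}    # drop the rest of the DN
        case $user in
            ''|*[!A-Za-z0-9._-]*)   # not a clean key for a key=value list
                printf 'skipped member: %s\n' "$value" >&2 ;;
            *)  printf '%s=filter%s\n' "$user" "$1" ;;
        esac
    done
}

# Install stdin as file $1 via rename; an empty result (for example a failed
# LDAP query) leaves the previous list in place and returns non-zero.
install_list() {
    tmp=$(mktemp "$1.XXXXXX") || return 1
    cat > "$tmp"
    if [ -s "$tmp" ]; then
        chmod 0644 "$tmp" && mv "$tmp" "$1"   # mktemp creates the file 0600
    else
        rm -f "$tmp"; return 1
    fi
}

# Constructed sample: plain value, folded line, base64 value, escaped comma.
SAMPLE_LDIF='dn: cn=group1,ou=groups,dc=ldap,dc=myorg
uniqueMember: uid=johndoe,ou=users,dc=ldap,dc=myorg
uniqueMember: uid=a.long.us
 er.name,ou=users,dc=ldap,dc=myorg
uniqueMember:: dWlkPWphbmUsb3U9dXNlcnMsZGM9bGRhcCxkYz1teW9yZw==
uniqueMember: uid=bad\,name,ou=users,dc=ldap,dc=myorg'

printf '%s\n' "$SAMPLE_LDIF" | ldif_members_to_list 1
```

In the script above, each group's `ldapsearch` output would be piped through `ldif_members_to_list N` and the concatenated result through `install_list /etc/e2guardian/lists/groups` before the restart.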