SquidGuard update with LDAP

Version 1.0
Software used in Version 1.0.
GPL License
Software distributed under
GNU GPL license.

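Note: You must configure this script before use: set the LDAP server addresses, search base, bind DN and password, DB_USER_DIR and EMAIL_ALERT to match your site.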


How the script works :

  1. LDAP server detection (the first configured address that answers ping is used).
  2. For each group in DB_USER_DIR, we get the users in the group.
  3. We add the upper- and lower-case usernames to the corresponding files.
  4. We recompile the SquidGuard files.
  5. We reload Squid and it will automatically reload SquidGuard.


Todo :

  • Automatic category detection in the LDAP directory.


#!/bin/bash
#
# Copyright @2006 Savoir-faire Linux, http://www.savoirfairelinux.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#

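# Rebuild the SquidGuard user lists from LDAP group membership.
#
# Each regular file in DB_USER_DIR is named after an LDAP group
# (matched on sAMAccountName). For every such file the group's members
# are fetched and written back in lower case followed by upper case.
# SquidGuard is then recompiled and Squid reloaded. Any failure is
# mailed to EMAIL_ALERT and the script exits non-zero.

# --- Configuration ------------------------------------------------------
DB_USER_DIR=/var/lib/squidguard/db/users/
EMAIL_ALERT=root@domain.tld
# Candidate directory servers, tried in this order.
LDAP_CANDIDATES=(192.168.1.2 192.168.1.3 192.168.1.4)

# Bind password. Given with -w it sits in this script and on ldapsearch's
# command line, where other local users can read it from the process
# list. If LDAP_BIND_PW_FILE is set, the complete contents of that file
# (so no trailing newline) are passed with -y instead; keep the file
# readable only by the account running this script.
bind_secret=(-w RESEAU)
if [[ -n "${LDAP_BIND_PW_FILE:-}" ]]; then
  bind_secret=(-y "$LDAP_BIND_PW_FILE")
fi

# Mail a failure report: the given lines, then a listing of the lists.
send_alert() {
  {
    printf '%s\n' "$@"
    ls -lh
  } | mail -s "DOMAIN.TLD : Unable to update user lists" "$EMAIL_ALERT"
}

# Without this check a failed cd would make the loop below rewrite
# whatever files happen to be in the current directory.
cd "$DB_USER_DIR" || {
  printf 'cannot cd to %s\n' "$DB_USER_DIR" >&2
  exit 1
}

# --- LDAP server detection ----------------------------------------------
# ping exits 0 once at least one reply came back. This only shows that
# the host is up, not that LDAP answers; ldapsearch's own exit status is
# checked per group further down.
LDAP_SERVER=
for candidate in "${LDAP_CANDIDATES[@]}"; do
  if ping -c 3 "$candidate" > /dev/null 2>&1; then
    LDAP_SERVER=$candidate
    break
  fi
done

# Stop before touching any list: querying "ldap://" with no host would
# fail for every group and leave all user lists empty.
if [[ -z "$LDAP_SERVER" ]]; then
  send_alert "No LDAP server answered ping; user lists left unchanged."
  exit 1
fi

# --- Working files -------------------------------------------------------
tmpdir=$(mktemp -d) || {
  printf 'mktemp failed\n' >&2
  exit 1
}
trap 'rm -rf -- "$tmpdir"' EXIT
tmpf=$tmpdir/ldif
tmpf01=$tmpdir/names
newlist=$tmpdir/newlist

failures=()

# --- Update each group ---------------------------------------------------
for list in *; do
  [[ -f "$list" ]] || continue

  # The file name is placed into the search filter as-is, so a name
  # holding filter metacharacters would change the query. Skip it.
  case "$list" in
    *'('* | *')'* | *'*'* | *'\'*)
      failures+=("skipped '$list': name contains LDAP filter characters")
      continue
      ;;
  esac

  # Get group members.
  # NOTE(review): simple bind over ldap:// sends the bind password and
  # the results in clear text; consider ldaps:// or StartTLS (-ZZ) if the
  # directory servers support it.
  if ! ldapsearch -x \
    -s sub \
    -b dc=domain,dc=tld \
    -D cn=isak,cn=Users,dc=domain,dc=tld \
    "${bind_secret[@]}" \
    -H "ldap://$LDAP_SERVER" \
    "(sAMAccountName=$list)" member > "$tmpf"; then
    # Keep the previous list instead of replacing it with an empty one.
    failures+=("ldapsearch failed for group '$list'; list left unchanged")
    continue
  fi

  # member: plain-text DNs -> first CN value, lower-cased.
  grep "^member: " < "$tmpf" \
    | sed -e 's/^member: .*CN=\(.*\),[CcOo][NnUu]=.*$/\1/' \
    | tr '[:upper:]' '[:lower:]' > "$tmpf01"

  # member:: base64-encoded DNs. Whitespace is stripped so each value is
  # rejoined with its continuation line, then decoded and reduced to the
  # CN value. The character classes are quoted so the shell cannot glob
  # them against file names in this directory.
  # NOTE(review): grep -A1 keeps only one line after each "member::", so
  # a value wrapped over more lines would be cut short - confirm against
  # real directory output.
  grep -A1 'member::' "$tmpf" \
    | perl -pe 's/\s+//g' \
    | sed -e 's/--//g' -e 's/member::/\n/g' \
    | perl -MMIME::Base64 -ne 'print decode_base64($_);' \
    | sed -e 's/CN=/\nCN=/g' \
    | sed -e 's/CN=\([^,]*\),.*$/\1/' \
    | grep -v "^$" \
    | tr '[:upper:]' '[:lower:]' >> "$tmpf01"

  # Lower-case names first, then the same names in upper case.
  sed -e 's/^cn=//g' "$tmpf01" | cut -d, -f1 > "$newlist"
  tr '[:lower:]' '[:upper:]' < "$newlist" > "$tmpf01"
  cat "$tmpf01" >> "$newlist"

  # Write through the existing file so its owner and mode are kept
  # (mktemp files are private to the creating user).
  cat "$newlist" > "$list"
done

# --- Recompile and reload ------------------------------------------------
# Assumes squidguard reports a failed compile through its exit status -
# TODO confirm for the installed version. On failure Squid is not
# reloaded, so the running filter keeps what it already loaded.
if /usr/bin/squidguard -C all; then
  /etc/init.d/squid reload || failures+=("squid reload failed")
else
  failures+=("squidguard -C all failed; squid was not reloaded")
fi

# --- Report --------------------------------------------------------------
# An empty list means no member was found for that group.
for list in *; do
  if [[ -f "$list" && ! -s "$list" ]]; then
    failures+=("empty user list: $list")
  fi
done

if ((${#failures[@]} > 0)); then
  send_alert "${failures[@]}"
  exit 1
fi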

# EOF