RE: [squid-users] squid_ldap_auth problem

From: <jeff.richards@dont-contact.us>
Date: Wed, 15 Oct 2003 13:16:34 +1000

Thanks Sebastian, that gets around it.

Jeff

--
Jeff Richards
Technical Consultant
Unix Enterprise Services
jeff.richards@centrelink.gov.au
Tel: +61 2 6219 8125
                                                                                                                                   
                      "Arias, Sebastian                                                                                            
                      Alejandro - (Ext         To:       "'jeff.richards@centrelink.gov.au'" <jeff.richards@centrelink.gov.au>,    
                      Arg)"                     'Squid Users' <squid-users@squid-cache.org>                                        
                      <Sebastian.Arias@        cc:                                                                                 
                      attla.com>               Subject:  RE: [squid-users] squid_ldap_auth problem                                 
                                                                                                                                   
                      14/10/2003 10:03                                                                                             
                                        |---------------------|                                                                    
                                        | ( ) Urgent(4 hours) |                                                                    
                                        | (*) Normal(24-48)   |                                                                    
                                        | ( ) Low(72 hours)   |                                                                    
                                        |---------------------|  Expires on                                                        
                                                                                                                                   
                                                                                                                                   
                                                                                                                                   
                                                                                                                                   
                                                                                                                                   
Try with a .sh file named auth_ldap with the following content:
#!/bin/sh
./squid_ldap_auth  -b "ou=xxxx,o=yyyy,c=zz"  -u  cn  -s  sub  -D
"cn=wwww,ou=xxxx,o=yyyy,c=zz,"  -w  <password>  -f  "<filter here>"
ldap_ip_address
and then call the bash script in the squid.conf file ... don't forget to
give permisses to squid to read and execute the script ....
Good Luck.
_________________________________________
Sebastián Arias
Infraestructure & Technologies
AT&T Latín América, Argentina
Phone: [5411]5288-0524 - Fax: [5411]5288-0408
-----Mensaje original-----
De: jeff.richards@centrelink.gov.au
[mailto:jeff.richards@centrelink.gov.au]
Enviado el: Martes, 14 de Octubre de 2003 04:19 a.m.
Para: Squid Users
Asunto: [squid-users] squid_ldap_auth problem
Hi
I'm trying to configure Squid 2.4.STABLE7, running on SuSE, to ldap
authenticate against eDirectory.
I have a working ldap query, which works just fine at the command line
using squid_ldap_auth:
./squid_ldap_auth  -b "ou=xxxx,o=yyyy,c=zz"  -u  cn  -s  sub  -D
"cn=wwww,ou=xxxx,o=yyyy,c=zz,"  -w  <password>  -f  "<filter here>"
ldap_ip_address
This successfully connects to the server and validates or errors user name
and password combinations correctly.
In squid.conf, I have:
acl all src 0.0.0.0/0.0.0.0
acl password proxy_auth REQUIRED
http_access allow password
http_access deny all
PROBLEM: when I try to open a page and enter the user name and password at
the prompt, I just get the following error in cache.log:
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid DN syntax'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid DN syntax'
and the prompt re-appears. But this DN is fine when run from the command
line.
I did notice that I get a TCP_DENIED message in access.log AS the prompt
flashes up (i.e. BEFORE I've actually entered my details (not sure whether
this is relevant or not)), as well as after.
Any help appreciated.
Regards
Jeff
--
Jeff Richards
Technical Consultant
Unix Enterprise Services
jeff.richards@centrelink.gov.au
Tel: +61 2 6219 8125
Important:  This e-mail is intended for the use of the addressee and may
contain information that is confidential, commercially valuable or subject
to legal or parliamentary privilege.  If you are not the intended recipient
you are notified that any review, re-transmission, disclosure, use or
dissemination of this communication is strictly prohibited by several
Commonwealth Acts of Parliament.  If you have received this communication
in
error please notify the sender immediately and delete all copies of this
transmission together with any attachments.
Este mensaje es confidencial. El mismo contiene información reservada
y que no puede ser difundida. Si usted ha recibido este e-mail
por error, por favor avísenos inmediatamente vía e-mail y tenga la
amabilidad de eliminarlo de su sistema; no deberá copiar el mensaje
ni divulgar su contenido a ninguna persona. Muchas gracias.
This message is confidential. It contains information that is privileged
and
legally exempt from disclosure. If you have received this e-mail by
mistake,
please let us know immediately by e-mail and delete it from your system;
you should also not copy the message nor disclose its contents to anyone.
Thank You.
Received on Tue Oct 14 2003 - 21:16:41 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:29 MST