Thanks Henrik.
I want to share some information here which would help someone.
This is the exact command which did the trick for me.
auth_param basic program /usr/lib/squid/squid_ldap_auth -b "ou=yyy,dc=xxx,dc=com" -H ldaps://ldapserver.domain.com:636 -v 3 -f "uid=%s"
By running 'openssl s_client -connect ldap:636' I got to see the exact
Common Name (CN) and had to specify it in the command as above.
I got to see successful ldaps connections on my ldap server. Hopefully
-Z is no longer needed for me. Please correct me if I am wrong.
To avoid sending plain text from the browser to the Squid proxy, I created an ssh
tunnel using my PuTTY (from localhost port 8080 to proxy:8080), and I
specified localhost in the browser. This seems to be working fine,
except that I need to keep the PuTTY session open always.
Obviously none of the users want to open a session on their desktop
browser while browsing. Now I am exploring a way to create this ssh
tunnel using some script which should not need any action from the end
user. I would appreciate it if someone has some information to share.
Thanks,
Best Regards,
Bhagwan
-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Sent: Friday, June 15, 2007 3:36 PM
To: Vootla, Bhagwan
Cc: squid-users@squid-cache.org; squid-dev@squid-cache.org
Subject: RE: Squid + ldap +ssl Secure authentication
Fri 2007-06-15 at 12:42 -0400, Vootla, Bhagwan wrote:
> Using -Z option still returns me "Could not Activate TLS connection"
> I also tried with -p 636, which does not return me anything. Somehow I
> need to implement this to meet the deadline (tomorrow).
-Z is LDAPv3 STARTTLS on the normal LDAP port.
To use the older LDAPv2 over SSL you need to use -H ldaps://servername/
Regards
Henrik
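One way to keep the local ssh forward to the proxy alive without any action from the end user, as an added example that is not from this thread or the Squid project; it assumes OpenSSH with key-based login to the proxy host, and the host and user names are placeholders:

```bash
#!/usr/bin/env bash
# Added example (not from the mailing-list thread): supervise a local SSH
# port forward to the Squid proxy so Basic-auth credentials never leave the
# desktop in clear text. Assumes key-based ssh login (no password prompt)
# and bash's /dev/tcp pseudo-device; host and user names are placeholders.

PROXY_HOST="${PROXY_HOST:-proxy.example.com}"   # placeholder proxy host
PROXY_PORT="${PROXY_PORT:-8080}"                # Squid http_port
LOCAL_PORT="${LOCAL_PORT:-8080}"                # what the browser points at
TUNNEL_USER="${TUNNEL_USER:-${USER:-squiduser}}"

# Return 0 if something accepts TCP connections on host:port, else 1.
# Uses bash's /dev/tcp so it needs no netcat; a refused connection to
# localhost fails immediately, which is what we want for a liveness probe.
port_open() {
  local host="$1" port="$2"
  if (exec 3<>"/dev/tcp/${host}/${port}") 2>/dev/null; then
    return 0
  fi
  return 1
}

# Print the ssh argument list, one per line, for a forwarding-only session.
# -N: no remote command; -f: background after authentication;
# ExitOnForwardFailure: fail loudly if LOCAL_PORT is already taken;
# ServerAlive*: let a dead session exit so the supervisor can restart it.
tunnel_args() {
  printf '%s\n' -N -f \
    -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
    -L "127.0.0.1:${LOCAL_PORT}:127.0.0.1:${PROXY_PORT}" \
    "${TUNNEL_USER}@${PROXY_HOST}"
}

# Supervise: (re)start the tunnel whenever the local port stops answering.
# Arguments contain no whitespace, so plain word splitting is safe here.
supervise_tunnel() {
  while :; do
    if ! port_open 127.0.0.1 "$LOCAL_PORT"; then
      ssh $(tunnel_args) || echo "ssh tunnel start failed; retrying" >&2
    fi
    sleep 15
  done
}

# Run as a login-time background job: "tunnel.sh run &"
if [ "${1:-}" = "run" ]; then supervise_tunnel; fi
```

Only 127.0.0.1 is bound on the desktop side, so other hosts on the LAN cannot use the forward as an open relay into the proxy.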
Received on Tue Jun 19 2007 - 15:16:07 MDT
This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:04 MDT