Re: [squid-users] LDAP helper/ NDS

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 27 Jun 2003 16:45:43 +0200

On Fri 2003-06-27 at 13.03, michel lodap wrote:
> Hi all,
> I am having trouble configuring squid_ldap_auth.
> When I run squid_ldap_auth with the following configuration:
>
> ~#./squid_ldap_auth -b o=itcarlow -u cn -D cn=admin,ou=staff,o=itcarlow -w
> admin -h ipaddress
> and when I enter the username and password bebe bebe
> the result is ERR

You should also specify a search filter; if not, the helper will assume
your users are named "uid=<loginname>,o=itcarlow", which I am pretty
sure is not the case given the -D argument above.

> when I add this time -p 636 -Z to specify a secure connection I am getting
> nothing even though netstat tells me that a secure LDAP connection is
> established

Don't know.

> when I try this time the above configuration with a filter this is what I am
> getting
> squid ldap auth: WARNING, could not bind to bindn 'Strong(er) authentication
> required'

This usually indicates you need to use SSL or TLS, or to reconfigure the
LDAP server to allow unencrypted bind requests. Maybe more information
can be found in the logs of the LDAP server.

As I do not have any NDS servers I am afraid I am of limited help here.
What I do know is that the SSL support to the squid_ldap_auth helper was
added by a user who needed it to talk to NDS as NDS only implements
LDAPv2 over SSL and not LDAPv3/TLS and by default requires bind requests
to be encrypted (good security measure to protect users' passwords in
general, but of limited value in combination with http as http is
already plaintext)

Checking on the status of the SSL support.. right. The LDAP over SSL
support is only available in the current development version of the
helper, not in the version shipped with Squid-2.5. To make this work you
need to get the squid_ldap_auth helper from the Squid-3 snapshots and
specify a ldaps:// URL to connect to. This helper also works with
Squid-2.5. Have made a mental note to consider if the squid_ldap_auth
helper should be upgraded for the upcoming Squid-2.5.STABLE4 release but
if you want to guarantee this is not forgotten please register a feature
request in bugzilla.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions are only answered
for a fee or as part of a commercial Squid support contract.
If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Fri Jun 27 2003 - 08:45:50 MDT
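
As an added illustration (not code from the message above or from Squid), this Python model shows the two ways an LDAP authentication helper can arrive at the DN it binds as: building it directly from the base DN when no search filter is given, or locating the entry with a filter. The directory layout, the function names and the `(cn=%s)` filter are assumptions made for the example.

```python
import re

# Constructed sample directory: the user entry sits below ou=staff, as the
# admin DN in the post suggests (assumed layout, not a real tree).
DIRECTORY = {
    "cn=admin,ou=staff,o=itcarlow": {"cn": "admin"},
    "cn=bebe,ou=staff,o=itcarlow": {"cn": "bebe"},
}

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name stays a literal."""
    special = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}
    return "".join(special.get(ch, ch) for ch in value)

def plan_lookup(login, basedn, userattr="uid", search_filter=None):
    """Return ('direct', dn) without a filter, ('search', filter) with one."""
    if search_filter is None:
        # No filter: the user DN is built straight from attribute + base DN.
        return ("direct", f"{userattr}={login},{basedn}")
    return ("search", search_filter.replace("%s", escape_filter_value(login)))

def resolve_user_dn(login, basedn, userattr="uid", search_filter=None):
    """Find the DN to bind as, or None (the helper would answer ERR)."""
    mode, value = plan_lookup(login, basedn, userattr, search_filter)
    if mode == "direct":
        return value if value in DIRECTORY else None
    # Toy subtree search supporting only "(attr=value)" filters.
    match = re.fullmatch(r"\((\w+)=(.*)\)", value)
    if not match:
        return None
    attr, wanted = match.groups()
    for dn, attrs in DIRECTORY.items():
        if dn.endswith("," + basedn) and attrs.get(attr) == wanted:
            return dn
    return None

if __name__ == "__main__":
    print(resolve_user_dn("bebe", "o=itcarlow", userattr="cn"))
    print(resolve_user_dn("bebe", "o=itcarlow", search_filter="(cn=%s)"))
```

Escaping the login name before it is substituted into the filter keeps input such as `*` from matching every entry under the base DN.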