RE: LDAP authentication

From: R.Ilker Gokhan <IlkerG@dont-contact.us>
Date: Mon, 1 May 2000 16:17:37 +0300

Ok.. ;)
Firstly, I think you shouldn't add search base to authneticate_program
line.you should change your own search base into the squid_ldap_auth.c
(#define SEARCHBASE ...)
second, add the 28,6 29,5 to debug_options in squid.conf and observe
cache_log

Ilker G.

-----Original Message-----
From: Joel Taqueban [mailto:jtaqueba@apme-ops.dhl.com]
Sent: Monday, May 01, 2000 6:22 AM
To: R.Ilker Gokhan; squid-users@ircache.net
Subject: Re: LDAP authentication

Ilker,
I've made the changes on your advise but still I'm having "Proxy
authentication failed" message:
Here's my new acl
authenticate_program /usr/local/squid/bin/squid_ldap_auth myldapservername
acl LAN src 199.40.216.0/255.255.255.0
acl ldap proxy_auth REQUIRED
http_access allow LAN ldap
http_access deny all

I've even changed the authenticate line with a search base and port:
authenticate_program /usr/local/squid/bin/squid_ldap_auth o=dhl.com
myldapservername 389

Anything else I need to look into?
joel
R.Ilker Gokhan wrote:
 Try:authenticate_rpogram ....................acl LAN src
your_network_ip/subnet_maskacl ldap proxy_auth REQUIREDhttp_access allow LAN
ldap /* you should determine for authnetication which ip or user group or
destination domain etc..*/http_access deny allGood luckIlker G.
-----Original Message-----
From: Joel Taqueban [mailto:jtaqueba@apme-ops.dhl.com]
Sent: Monday, April 24, 2000 5:38 PM
To: R.Ilker Gokhan; squid-users@ircache.net
Subject: Re: LDAP authentication
 
Ilker,
I found this mail from the archive and tried to simulate having my users
authenticated first but I always get a 'Proxy Authentication failed" error.
even though my ldap server name is correct. What do you think is wrong.
authenticate_program /usr/local/squid/bin/squid_ldap_auth myldapservername
acl ldap proxy_auth REQUIRED
http_access allow ldap
http_access deny all
  
Please help
Joel
  
  
R.Ilker Gokhan wrote:
  
The authenticate_option is used to the older squid version. You should
remove it. Try in the squid.conf:
authenticate_program /usr/local/squid/bin/squid_ldap_auth <ldap_server_name>

Good luck..
Ilker G.
-----Original Message-----
From: David Minor [mailto:dminor@salud.unm.edu]
Sent: Wednesday, April 19, 2000 11:15 PM
To: squid-users@ircache.net
Subject: LDAP authentication
OK. We have been running squid for a while now with the
ncsa_auth authentication. This is fine as it goes, but we would l
ike to take advantage of our LDAP server for this purpose.
I have been trying to set this up using the external authentication
programs mentioned in the FAQ. Neither has been working for me.
Here is what I see:
1) The ldap_auth.c program. The instructions indicate that the
following line needs to be in squid.conf:
authenticate_options ldapserver.foo.bar 389 xxx uid
When this is there however squid start up with the error:
parseConfigFile: line 642 unrecognized: 'authenticate_options
ldapserver.foo.bar 389 xxx uid'
Should this work or is there something different that I should do?
2) With the squid_auth_ldap program, when I try to run make on it
I get an error about no rule to make target.
Sorry if these are basic questions but I don't see them in the list
archives.
(Of course I'm open to trying any other solution that works!)
BTW This is squid 2.3STABLE51on a RedHat machine.
Thanks,
david.
Received on Mon May 01 2000 - 07:19:19 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:53:12 MST