[squid-users] Group_ldap_auth problem

From: Rudolf Wolf <rudolf.wolf@dont-contact.us>
Date: Thu, 8 Aug 2002 10:50:55 +0200

Hi,

I'm testing the product group_ldap_auth.diff-2.4.STABLE3-1.2 with Squid-2.4.STABLE3 and I have a problem. I compiled it to the binary file and put this command line in squid.conf:
authenticate_program /usr/local/squid/libexec/squid/group_ldap_auth -b o=organization,c=cz -u uid -h sova.organization.cz -g cn -m member -o groupOfName -l /usr/local/squid/logs/auth_db_log

I know that some options are extra, because they are the defaults, but just to be sure :-). The problem is that when I start Squid, I can see in the LDAP server log that Squid bound anonymously. When I give some URL to the browser, Squid asks me for a name/password, I give it, and the answer is that access is denied. When I was watching the LDAP server log, I couldn't see any LDAP search for my uid; only the anonymous bind keeps repeating. I used debug_options in the Squid conf file to see the authentication process, and this is a snippet of it:
2002/08/08 10:12:38| aclCheck: checking ' http_access allow user_acl'
2002/08/08 10:12:38| aclMatchAclList: checking user_acl
2002/08/08 10:12:38| aclDecodeProxyAuth: header = 'Basic a2FyZWw6a2FyZWw='
2002/08/08 10:12:38| aclDecodeProxyAuth: cleartext = 'user:user'
2002/08/08 10:12:38| aclMatchLdapAuth: checking user 'user'
2002/08/08 10:12:38| aclMatchLdapUserInAcl: checking user 'user'
2002/08/08 10:12:38| aclMatchLdapUserInAcl: looking at 'REQUIRED'
2002/08/08 10:12:38| aclMatchLdapUserInAcl: REQUIRED found in acl, user 'user' matches
2002/08/08 10:12:38| aclMatchLdapAuth: user 'user' not yet known
2002/08/08 10:12:38| aclMatchAclList: returning 0
2002/08/08 10:12:38| aclCheck: checking password via ldap authenticator
2002/08/08 10:12:38| aclDecodeProxyAuth: header = 'Basic a2FyZWw6a2FyZWw='
2002/08/08 10:12:38| aclDecodeProxyAuth: cleartext = 'user:user'
2002/08/08 10:12:38| aclLookupLdapAuthStart: going to ask ldap authenticator about user 'user'
2002/08/08 10:12:38| ldapAuthenticateStart: 'user:user'
2002/08/08 10:12:38| aclLookupLdapAuthDone: result = NULL
2002/08/08 10:12:38| cbdataValid: 0x82357f0
2002/08/08 10:12:38| aclCheck: checking ' http_access allow user_acl'
2002/08/08 10:12:38| aclMatchAclList: checking user_acl
2002/08/08 10:12:38| aclDecodeProxyAuth: header = 'Basic a2FyZWw6a2FyZWw='
2002/08/08 10:12:38| aclDecodeProxyAuth: cleartext = 'user:user'
2002/08/08 10:12:38| aclMatchLdapAuth: checking user 'user'
2002/08/08 10:12:38| aclMatchLdapUserInAcl: checking user 'user'
2002/08/08 10:12:38| aclMatchLdapUserInAcl: looking at 'REQUIRED'
2002/08/08 10:12:38| aclMatchLdapUserInAcl: REQUIRED found in acl, user 'user' matches
2002/08/08 10:12:38| aclMatchLdapAuth: authentication failed for user 'user', reason: unknown error
2002/08/08 10:12:38| aclMatchAclList: returning 0
2002/08/08 10:12:38| cbdataUnlock: 0x82357f0
2002/08/08 10:12:38| cbdataLock: 0x8235738
2002/08/08 10:12:38| cbdataValid: 0x8235738
2002/08/08 10:12:38| aclCheck: checking ' http_access allow group_acl'
2002/08/08 10:12:38| aclMatchAclList: checking group_acl
2002/08/08 10:12:38| aclDecodeProxyAuth: header = 'Basic a2FyZWw6a2FyZWw='
2002/08/08 10:12:38| aclDecodeProxyAuth: cleartext = 'user:user'
2002/08/08 10:12:38| aclMatchLdapAuth: checking user 'user'
2002/08/08 10:12:38| aclMatchLdapUserInAcl: checking user 'user'
2002/08/08 10:12:38| aclMatchLdapUserInAcl: looking at 'static'
2002/08/08 10:12:38| aclMatchLdapUserInAcl: group found in acl, user 'user' matches
2002/08/08 10:12:38| aclMatchLdapAuth: user 'user' not yet known
2002/08/08 10:12:38| aclMatchAclList: returning 0
2002/08/08 10:12:38| aclCheck: checking password via ldap authenticator
2002/08/08 10:12:38| aclDecodeProxyAuth: header = 'Basic a2FyZWw6a2FyZWw='
2002/08/08 10:12:38| aclDecodeProxyAuth: cleartext = 'user:user'
2002/08/08 10:12:38| aclLookupLdapAuthStart: going to ask ldap authenticator about user 'user'
2002/08/08 10:12:38| ldapAuthenticateStart: 'user:user'
2002/08/08 10:12:38| aclLookupLdapAuthDone: result = NULL

When I use group_ldap_auth in a shell and pass my arguments according to the documentation, I get correct answers, and the LDAP server log has a record of my search for the requested uid.
Can you give me some tips on where the problem is?

Thanks,
Ruda Wolf.
Received on Thu Aug 08 2002 - 02:50:56 MDT
