RE: [squid-users] LDAP & Novell from Jay Turner on 2002-12-11 (squid-users)

From: Jay Turner <jturner@dont-contact.us>
Date: Thu, 12 Dec 2002 09:01:51 +0800

Thanks to all for your helpful replies.

Here is the current state of play.

I tried the following as suggested by Henrik:

ldapsearch -x -D cn=jay,ou=boss,o=Alpha -W -h 10.18.41.12
Enter LDAP Password: password
ldap_bind: Strong authentication required
additional info: This LDAP server does not accept cleartext passwords

So there you have it, this appears to be the cause of my problems.
As suggested there are two courses of action here, have the NDS server
accept clear-text passwords (easier, but far less secure) or start using TLS
(harder, but much more secure).

Obviously TLS is the correct option here.
Henrik when you say the current helper, are you referring to the one in
Squid2.5-STABLE2? Is the TLS support offered in Squid2.4-STABLE7? I'll guess
no.

You also have (patched), does this mean that the standard "out-of-the-box"
helper requires additional patching to make it work correctly with TLS?

Has an FAQ or how-to been created for this process yet? Am I the only one
that has experienced this (or is it due to my lack of Novell knowledge? Are
Novell users are already aware of all these issues?)

So, the next steps... what is now required is a version of the squid_LDAP
helper that supports TLS, an SSL certificate on the Novell server, and TLS
support on the Squid server (what exactly does this entail? just the
squid_LDAP helper?)

Thanks to all again
Regards
Jay

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: Wednesday, 11 December 2002 10:42 PM
To: G Welter
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] LDAP & Novell

Which reminds me. Some LDAP directories only accepts simple bind if
protected by TLS encryption (SSL).

Both the OpenLDAP tools and the current (patched) Squid LDAP helpers
supports the use TLS, but it needs to be enabled with a -Z command line
option. And to use TLS you also need to have a SSL certificate installed
on the LDAP server and TLS support enabled in the server..

Regards
Henrik

ons 2002-12-11 klockan 14.43 skrev G Welter:
> Hi.
>
> Make sure that your LDAP accepts clear text passwords.
>
> Gerben.
Received on Wed Dec 11 2002 - 17:55:51 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:03 MST