I am trying to set up internet user access via ldap authentication and squid.
I have set up 2 groups in an ldap server one called test-allow one called test-deny . Each group has one test user in it. The ldap server is a Windows box. My test squid proxy is a Solaris 8 box. My squid.conf on the Solaris box reads:
auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b DC=vcn,DC=ds,DC=volvo,DC=net -f uid=%s -D cn=inetaccess01,ou=Service Accounts,ou=gso,ou=it,DC=vcn,DC=ds,DC=volvo,DC=net -w password -h ldapserver
auth_param basic children 5
auth_param basic realm squidbox proxy-caching web server
auth_param basic credentialsttl 2 hours
acl ldapauth proxy_auth REQUIRED
http_access allow ldapauth
external_acl_type inetaccess01 %LOGIN /usr/local/squid/libexec/squid_ldap_group
-b DC=vcn,DC=ds,DC=volvo,DC=net -f "(&(uid=%v)(cn=%a))" -D inetaccess01 -w password -h ldapserver
acl test-allow external inetaccess01 Testing
http_access allow test-allow
I get the following errors in the cache.log
2003/06/24 12:03:19| helperOpenServers: Starting 5 'squid_ldap_auth' processes
2003/06/24 12:03:21| helperOpenServers: Starting 5 'squid_ldap_group' processes
2003/06/24 12:03:21| Accepting HTTP connections at 0.0.0.0, port 80, FD 8.
2003/06/24 12:03:21| WCCP Disabled.
2003/06/24 12:03:21| Loaded Icons.
2003/06/24 12:03:21| Ready to serve requests.
squid_ldap_auth: WARNING, LDAP search error 'Timelimit exceeded'
squid_ldap_auth: WARNING, LDAP search error 'Timelimit exceeded'
squid_ldap_auth: WARNING, LDAP search error 'Timelimit exceeded'
Anyone got any ideas of what I am doing wrong? squid_ldap_match doesnt seem to help me much.
Regards
John Clark
Received on Tue Jun 24 2003 - 11:01:10 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:36 MST