Re: [squid-users] testing squid_ldap_auth

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 08 Sep 2003 17:50:59 +0200

Mon 2003-09-08 at 16.24, Corrado Azzaloni wrote:

> Thank you for the response.
>
> My NDS tree is:
> o=main
> ou=msy
> ou=adr
> cn=myname
> ou=amm
> ou=swd
> ou=....
>
> From the command line I wrote:
> /usr/lib/squid/squid_ldap_auth -b ou=msy,o=main -h 10.5.83.240 -p 389 -u cn
> or

Can not work as your user is cn=myname,ou=adr,ou=msy,o=main, not
cn=myname,ou=msy,o=main.

If you want to authenticate users in multiple ou then you need to use
the search mode of the helper to first locate the user's DN the helper
should bind to when validating the password. See the -f option.

> /usr/lib/squid/squid_ldap_auth -b ou=adr,ou=msy,o=main -h 10.5.83.240 -p
> 389 -u cn

Both of these will be rejected by NDS in the default security configuration
of NDS as the login is not encrypted. See the previous response for how to tell
squid_ldap_auth to use LDAP over SSL to encrypt the traffic.

SSL encryption requires an SSL certificate to be installed in your NDS
server if not done already. See your NDS administrator's guide for how to
install a certificate in the NDS server.

Note: The type of encryption expected by NDS is LDAPv2 over SSL, also
known as ldaps://. This is different from the more modern TLS encrypted
LDAP known as TLS encrypted LDAPv3 or STARTTLS.

> With ldapsearch I reached the NDS tree, but I have to use the -x option (simple auth).

-x just disables the use of SASL. To actually use simple auth you also need
to use the -D and -W options to ldapsearch (both required).

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions are only answered
for a fee or as part of a commercial Squid support contract.
If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Mon Sep 08 2003 - 09:51:06 MDT
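
The difference between the two helper modes discussed in the message above, as an added example that is not part of the original post and is not the helper's own code. The in-memory directory, the passwords, the second user and all function names are constructed for illustration, and the lookup is modelled as a subtree search, which is an assumption.

```python
# Constructed sample directory mirroring the tree in the thread: DN -> password.
# The passwords and the second user are made up for this example.
DIRECTORY = {
    "cn=myname,ou=adr,ou=msy,o=main": "correct-horse",
    "cn=other,ou=amm,ou=msy,o=main": "battery-staple",
}


def bind(dn, password):
    """Simple bind: the exact DN must exist and the password must match."""
    # An empty password makes a simple bind an unauthenticated bind
    # (RFC 4513), which many servers accept, so refuse it up front.
    return password != "" and DIRECTORY.get(dn) == password


def auth_bind_mode(user, password, base, attr="cn"):
    """Bind mode (-b BASE -u ATTR): the DN is constructed, never looked up."""
    return bind(f"{attr}={user},{base}", password)


def find_dn(user, base, attr="cn"):
    """Search mode lookup (-b BASE -f 'ATTR=%s'): search everything below BASE."""
    rdn = f"{attr}={user}".lower()
    suffix = "," + base.lower()
    hits = [dn for dn in DIRECTORY
            if dn.lower().endswith(suffix) and dn.lower().split(",", 1)[0] == rdn]
    # Zero hits: unknown user. Several hits: ambiguous login, refuse to guess.
    return hits[0] if len(hits) == 1 else None


def auth_search_mode(user, password, base, attr="cn"):
    """Locate the user's DN first, then bind as that DN to check the password."""
    dn = find_dn(user, base, attr)
    return dn is not None and bind(dn, password)


if __name__ == "__main__":
    # Bind mode against ou=msy builds cn=myname,ou=msy,o=main: no such entry.
    print(auth_bind_mode("myname", "correct-horse", "ou=msy,o=main"))
    # Bind mode works only when the base is the user's own container.
    print(auth_bind_mode("myname", "correct-horse", "ou=adr,ou=msy,o=main"))
    # Search mode finds the entry anywhere below ou=msy, then binds as it.
    print(find_dn("myname", "ou=msy,o=main"))
    print(auth_search_mode("myname", "correct-horse", "ou=msy,o=main"))
```

The model covers only how the bind DN is chosen; it does not model the transport encryption that the message says NDS requires before it accepts the login.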
