Re: [squid-users] squid_ldap_auth

From: Squid Users <squid@dont-contact.us>
Date: Wed, 5 Nov 2003 16:09:17 -0600

Ok still stumped,

I ran the following as asked, with the following output:

  ldapsearch -x -h 10.61.1.248 -b "" -s base "" namingContexts
# extended LDIF
#
# LDAPv3
# base <> with scope base
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: DC=bdmn,DC=foo,DC=com
namingContexts: CN=Schema,CN=Configuration,DC=foo,DC=com
namingContexts: CN=Configuration,DC=foo,DC=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

I then edited my squid conf file: I commented out the ncsa_auth line
below and added the ldap_auth line.

#auth_param basic program /usr/local/squid/bin/squid ncsa_auth /usr/local/squid/etc/passwd
auth_param basic program /usr/local/squid/bin/squid_ldap_auth -u cn -b cn=users,dc=bdmn,dc=foo,dc=com 10.61.1.248
auth_param basic children 5

I am still unable to authenticate.

I also tried

auth_param basic program /usr/local/squid/bin/squid_ldap_auth -b dc=bdmn,dc=foo,dc=com 10.61.1.248

Thanks

On Nov 5, 2003, at 10:08 AM, Henrik Nordstrom wrote:

> On Wed, 5 Nov 2003 squid@bantadigital.com wrote:
>
>> I could use some guidance configuring my squid installation with a
>> Windows 2000 Active Directory forest. I have read the past posts as
>> well as the man page. I am very new to LDAP and will admit I have not
>> gotten my arms around it yet.
>>
>> My windows domain lives in an Active Directory Forest my corporate
>> offices maintain. My domain lives at bdmdom.corp.com. I am trying to
>> connect and authenticate against my Exchange server at my location. I
>> have Admin rights over my domain.
>>
>> Can someone please point me in the correct direction or provide the
>> squid config for an LDAP connection to Windows 2000?
>
>
> The first step is figuring out the Base DN of your AD server. This is
> usually the domain directly translated into dn components
>
>
> dn=bdmdom, dn=corp, dn=com
>
>
> It might also be possible to ask the AD server what its naming
> contexts are:
>
> ldapsearch -x -h your.ad.server -b "" -s base "" namingContexts
>
> then, if your AD allows for anonymous searches you should be able to
> use the example from the squid_ldap_auth manual as is, just replacing
> the base DN.
>
>
> If your AD does not allow anonymous searches then a dummy account
> needs to be created, and some digging is required to find the LDAP
> name of this account. The LDAP name of the account can probably be
> found in the MSAD administration tool as a property of the account;
> if not you can try to guess what it is. Guessing is usually not too
> hard as there is a very close relation between AD structure and LDAP
> DN names of objects in that structure, where each container is named
> with a cn attribute in LDAP. Thus if you have the user "squid" in the
> container "users" then the LDAP DN of this user should be
> "cn=squid, cn=users, dc=bdmdom, dn=corp, dn=com".
>
>
> It is strongly advised to use ldapsearch and other LDAP navigation
> tools to familiarise yourself a little with what the AD looks like
> via LDAP. Things do get a whole lot more obvious once one has looked
> at the AD tree via LDAP a little.
>
> Regards
> Henrik
>
Received on Wed Nov 05 2003 - 15:09:22 MST
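As an added example (not code from the thread or from the Squid project): a small Python script that does what Henrik describes, translating the AD domain into dc= components and picking the domain naming context out of the ldapsearch output posted above, then assembling the auth_param line. The sample LDIF is constructed from the output in the message; the helper path comes from the poster's config, and the -b/-u/-D/-w options are those of the squid_ldap_auth helper.

```python
import re

# Constructed sample, copied from the RootDSE output pasted earlier in the thread.
SAMPLE_LDIF = """\
dn:
namingContexts: DC=bdmn,DC=foo,DC=com
namingContexts: CN=Schema,CN=Configuration,DC=foo,DC=com
namingContexts: CN=Configuration,DC=foo,DC=com
"""

def domain_to_base_dn(domain):
    """Translate an AD DNS domain into its dc= components, as Henrik describes."""
    labels = [l for l in domain.strip().strip(".").split(".") if l]
    return ",".join("dc=%s" % l for l in labels)

def parse_naming_contexts(ldif):
    """Collect every namingContexts value from ldapsearch LDIF output."""
    return [m.group(1) for m in
            (re.match(r"(?i)^namingContexts:\s*(.+?)\s*$", line) for line in ldif.splitlines())
            if m]

def split_rdns(dn):
    """Split a DN into (attribute, value) pairs; escaped or quoted commas are not handled."""
    return [(a.strip(), v.strip()) for a, _, v in (p.partition("=") for p in dn.split(","))]

def domain_naming_contexts(contexts):
    """Keep only contexts built purely from dc= RDNs: the tree that holds users,
    not the Schema or Configuration partitions the server also advertises."""
    return [c for c in contexts if all(a.lower() == "dc" for a, _ in split_rdns(c))]

def squid_auth_line(base_dn, server, helper="/usr/local/squid/bin/squid_ldap_auth",
                    login_attr="sAMAccountName", bind_dn=None, bind_pw=None):
    """Assemble the squid.conf auth_param line. In AD the logon name lives in
    sAMAccountName; cn holds the display name, so '-u cn' only matches users whose
    display name equals what they type at the browser prompt."""
    parts = [helper, "-b", base_dn, "-u", login_attr]
    if bind_dn:  # the dummy account Henrik mentions, for ADs that refuse anonymous searches
        parts += ["-D", bind_dn, "-w", bind_pw]
    parts.append(server)
    return "auth_param basic program " + " ".join(parts)

if __name__ == "__main__":
    contexts = parse_naming_contexts(SAMPLE_LDIF)
    base = domain_naming_contexts(contexts)[0]
    print(squid_auth_line(base, "10.61.1.248"))
```

The RootDSE query in the thread is answered without a bind on any AD server, so its success does not show whether the user container itself is searchable anonymously; if an anonymous ldapsearch against the dc= base returns no user entries, the bind account is required.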
