RE: [squid-users] Squid + MSAD.

From: Ampugnani, Fernando <>
Date: Wed, 18 Feb 2004 09:36:10 -0600

Hi Henrik,
                I use ldapsearch to verify the filters and that answer ok. I
change ar-usertest by Test User in filters of squid-ldap_auth but don?t

[root@adsasprx001 libexec]# ldapsearch -x -h -D "cn=Test
User,ou=Varios,ou=Corp,ou=UsuariosyGrupos,ou=Arcos Dorados,dc=ar,dc=McDcorp"
-W objectclass=User
Enter LDAP Password:
version: 2

# filter: objectclass=User
# requesting: ALL

# search result
search: 2
result: 10 Referral
text: 0000202B: RefErr: DSID-03100693, data 0, 1 access points
        ref 1: 'examp'

ref: ldap://,dc=com

# numResponses: 1


[root@adsasprx001 libexec]# ./squid_ldap_auth -p -R -b "dc=ar,dc=McDcorp" -D
dorados,dc=ar,dc=McDcorp" -w "password" -f "(&(Test User=%s)
(ObjectClass=User))" -d
ar-testuser password
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

Any Idea??

Thanks in Advance.

-----Original Message-----
From: Henrik Nordstrom []
Sent: Wednesday, February 18, 2004 09:51
To: Ampugnani, Fernando
Cc: Squid Users
Subject: RE: [squid-users] Squid + MSAD.

On Wed, 18 Feb 2004, Ampugnani, Fernando wrote:

> Hi Henrik,
> I was seeing the example in squid_ldap_auth man and I
> replace it with my data. But when I execute them the same error I am
> receiving.
> [root@adsasprx001 libexec]# ./squid_ldap_auth -p -R -b dc=ar,dc=McDcorp -D
> cn=Squid,ou=Grupos,ou=Comunes,ou=UsuariosyGrupos,ou=Arcos
> Dorados,dc=ar,dc=McDcorp -w pawwsord -f
> (&(ar-testuser=%s)(ObjectClass=Person))
> bash: syntax error near unexpected token `&'

You need to quote the arguments to protect them from the shell when
executing from the command line if there is odd characters or if there is
arguments having spaces in them (such as your binddn). Nowdays Squid also
accepts quoted arguments in squid.conf.
./squid_ldap_auth -p -R -b "dc=ar,dc=McDcorp" -D
Dorados,dc=ar,dc=McDcorp" -w "pawwsord" -f

and in addition the filter does not look correct. Are you sure you have
added a ar-testuser attribute to the LDAP syntax of your user objects?
This is defenitely not a standard AD attribute.

And please use the squid-users mailinglist for Squid or squid_ldap_auth

If unsure on the filters use ldapsearch to look into what you have in the
directory. It takes the exact same bind and basedn argumetts.

Received on Wed Feb 18 2004 - 08:36:15 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:02 MST