Re: [squid-users] squid_ldapauth

From: Emilio Casbas <ecasbas@dont-contact.us>
Date: Mon, 14 Jun 2004 12:01:06 +0200

Arno Seidel wrote:

>Hi List,
>
>I've several problems with
>the squid ldap auth
>
>i use following versions:
>squid-2.5.STABLE1
>openldap2-2.1.12
>on SuSE 8.2 Pro (with all recent updates)
>
>the ldap configuration works with samba and postfix
>
>for the squid_ldapauth i use following configuration
>
>/etc/squid_ldapauth.conf
>
># if not set, following defaults will be used:
> ldap-server : xxxx
> ldap-port : 389 # 389
> ldap-suffix : dc=bad,dc=de # constructed from `hostname -d`
> ldap-filter : (uid=%s)
> ldap-passwdfield: userPassword
> ldap-binddn : cn=squid,dc=bad,dc=de # i.e. uid=squid,dc=domain,dc=top
> ldap-password : xxxxxx # LDAP password for above binddn
>#
>
>squid.conf:
>hierarchy_stoplist cgi-bin ?
>acl QUERY urlpath_regex cgi-bin \?
>no_cache deny QUERY
>error_directory /usr/share/squid/errors/German
>
>auth_param basic children 5
>auth_param basic realm Squid proxy-caching web server
>auth_param basic credentialsttl 2 hour
>auth_param basic program /usr/sbin/squid_ldapauth
>
>
Aren't you missing a parameter for squid_ldapauth?
auth_param basic program /usr/sbin/squid_ldapauth /etc/squid_ldapauth.conf

>refresh_pattern ^ftp: 1440 20% 10080
>refresh_pattern ^gopher: 1440 0% 1440
>refresh_pattern . 0 20% 4320
>
>
>cache_mem 42
>
>cache_dir ufs /var/spool/squid/cache/ 2000 16 256
>
>acl manager proto cache_object
>acl localhost src 127.0.0.1/255.255.255.255
>acl all src xxxxxxxx/255.255.255.0
>acl allowed_hosts src xxxxxxxxx/255.255.255.0
>acl SSL_ports port 443 563
>acl CONNECT method CONNECT
>
>http_access deny manager all
>http_access allow allowed_hosts
>http_access deny all
>
>icp_access allow allowed_hosts
>icp_access deny all
>
>miss_access allow allowed_hosts
>miss_access deny all
>
>cache_mgr root@aseidel.com
>cache_effective_user squid nogroup
>visible_hostname nfs-1.bad.de
>
>coredump_dir /var/spool/squid/cache/squid
>http_port xxxxx:3128
>#https_port 192.168.1.1:3129
>
>
>authenticate_program /usr/sbin/squid_ldapauth
>
>
This acl isn't valid in the squid-2.5 series.
auth_param is the correct one.

>
>when i type in this command:
>squid_ldapauth -v -q -l
>i get following
>
>squid_ldapauth[3222]: config - found key: 'ldap-server'
>squid_ldapauth[3222]: config - got value: 'xxxx'
>squid_ldapauth[3222]: config - found key: 'ldap-port'
>squid_ldapauth[3222]: config - got value: '389'
>squid_ldapauth[3222]: config - found key: 'ldap-suffix'
>squid_ldapauth[3222]: config - got value: 'dc=bad,dc=de'
>squid_ldapauth[3222]: config - found key: 'ldap-filter'
>squid_ldapauth[3222]: config - got value: '(uid=%s)'
>squid_ldapauth[3222]: config - found key: 'ldap-passwdfield'
>squid_ldapauth[3222]: config - got value: 'userPassword'
>squid_ldapauth[3222]: config - found key: 'ldap-binddn'
>squid_ldapauth[3222]: config - got value: 'xxxxx'
>squid_ldapauth[3222]: config - found key: 'ldap-password'
>squid_ldapauth[3222]: config - got value: 'xxxxx'
>squid_ldapauth[3222]: using ldap-server => 'xxxx'
>squid_ldapauth[3222]: using ldap-port => '389'
>squid_ldapauth[3222]: using ldap-suffix => 'dc=bad,dc=de'
>squid_ldapauth[3222]: using ldap-filter => '(uid=%s)'
>squid_ldapauth[3222]: using ldap-passwdfield => 'userPassword'
>squid_ldapauth[3222]: using ldap-binddn => 'xxxxxxx'
>squid_ldapauth[3222]: using ldap-password => 'xxxxx'
>squid_ldapauth[3222]: ldap_bind failed
>
>my ldap says:
>
>Jun 13 14:43:03 xxx slapd[3008]: conn=43 op=0 RESULT tag=97 err=2 text=requested protocol version not allowed
>
>
>my questions now are:
>
>Am I doing something wrong in the configuration?
>Is there a way to specify the protocol version?
>
>
Test with squid_ldapauth -h
I think you have to specify the openldap
version with squid_ldapauth -v 2 | 3 or
similar.

Emilio C.
Received on Mon Jun 14 2004 - 04:01:11 MDT
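
Added example, not part of the original thread and not squid_ldapauth code: the slapd message quoted above (err=2, "requested protocol version not allowed") is what OpenLDAP 2.x returns when a client binds with LDAPv2 and slapd.conf does not contain `allow bind_v2`. The script below finds which clients are affected by correlating those RESULT lines with the ACCEPT line of the same connection; the log lines, host name and addresses are constructed samples.

```python
import re
from collections import Counter

# Constructed sample in slapd's stats-log format (host and addresses are made up).
SAMPLE_LOG = """\
Jun 13 14:43:03 ldap1 slapd[3008]: conn=43 fd=12 ACCEPT from IP=192.0.2.10:41822 (IP=0.0.0.0:389)
Jun 13 14:43:03 ldap1 slapd[3008]: conn=43 op=0 RESULT tag=97 err=2 text=requested protocol version not allowed
Jun 13 14:43:09 ldap1 slapd[3008]: conn=44 fd=12 ACCEPT from IP=192.0.2.20:50311 (IP=0.0.0.0:389)
Jun 13 14:43:09 ldap1 slapd[3008]: conn=44 op=0 BIND dn="cn=samba,dc=bad,dc=de" method=128
Jun 13 14:43:09 ldap1 slapd[3008]: conn=44 op=0 RESULT tag=97 err=0 text=
Jun 13 14:43:15 ldap1 slapd[3008]: conn=45 fd=13 ACCEPT from IP=192.0.2.10:41830 (IP=0.0.0.0:389)
Jun 13 14:43:15 ldap1 slapd[3008]: conn=45 op=0 RESULT tag=97 err=2 text=requested protocol version not allowed
Jun 13 14:43:20 ldap1 slapd[3008]: conn=46 op=0 RESULT tag=97 err=49 text=
"""

ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\[[^\]]+\]|[^\s:]+):\d+")
RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=(\d+) err=(\d+) text=(.*)$")
BIND_RESPONSE_TAG = 97   # 0x61, LDAP BindResponse
PROTOCOL_ERROR = 2       # LDAP result code protocolError

def rejected_v2_binds(log_text):
    """Return Counter {client_ip: count} of binds refused for their protocol version."""
    peer = {}            # conn id -> client IP, learned from ACCEPT lines
    hits = Counter()
    for line in log_text.splitlines():
        m = ACCEPT_RE.search(line)
        if m:
            peer[m.group(1)] = m.group(2)
            continue
        m = RESULT_RE.search(line)
        if not m:
            continue
        conn, _op, tag, err, text = m.groups()
        if (int(tag) == BIND_RESPONSE_TAG and int(err) == PROTOCOL_ERROR
                and "protocol version" in text):
            hits[peer.get(conn, "unknown")] += 1   # ACCEPT may have been rotated away
    return hits

if __name__ == "__main__":
    for ip, n in rejected_v2_binds(SAMPLE_LOG).most_common():
        print(f"{ip}: {n} bind(s) rejected, client is not binding with LDAPv3")
```

Clients the script reports need to request protocol version 3 before binding; enabling `allow bind_v2` on the server is the alternative and re-opens LDAPv2 for every client.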
