Re: [squid-users] ldap auth testing from Rick Whitley on 2004-07-28 (squid-users)

From: Rick Whitley <rickwh@dont-contact.us>
Date: Wed, 28 Jul 2004 09:46:43 -0500

Thanks for the tip, but I can't seem to make it work. I know that the id
and password are correct because I use them from another system (radius)
to authenticate via ldap. Here is what I am getting:

proxy2:echo "ctdlaptop f0ulb3ast" |
/usr/local/squid/libexec/squid_ldap_auth -b "ou=academics,o=dbu" -D
"cn=LDAPUser,ou=users,o=dbu" -w "n0neshall" -h 10.5.10.215
/usr/local/squid/libexec/squid_ldap_auth: line 1: ctdlaptop: command
not found

I'm confused!

rick...
Rom.5:8

>>> Tim Neto <tneto@komatsu.ca> 7/28/2004 8:03:12 AM >>>

A little trick not in the man pages or the docs.

When testing squid_ldap_auth or squid_ldap_group from the unix (Linux)

shell, you must pipe the username and password information into the
program. This is what Squid itself does. This stumped me for a bit
early on.

echo "<username>
<password>" | squid_ldap_auth -options...

Otherwise, when testing all you will get is "ERR".

Tim

-----------------------------------------------------------
Timothy E. Neto
Computer Systems Engineer Komatsu Canada Limited
Ph#: 905-625-6292 x265 1725B Sismet Road
Fax: 905-625-6348 Mississauga, Canada
E-Mail: tneto@komatsu.ca L4W 1P9
-----------------------------------------------------------

Rick Whitley wrote:

>I got ldapsearch to work. I used the -x option to use a simple bind.
>Amazing how much you find out when you read "all" the options instead
of
>stopping at the first one you need. Thanks for all the responses. Now
I
>know that squid can communicate with ldap, but I still can't get a
>response from squid_ldap_auth. Here is my request:
>
>squid_ldap_auth -b "ou=academics,o=dbu" -f "cn=whitleyr" -u cn -D
>"cn=LDAPUser,ou=users,o=dbu" -w "n0neshall" -h 10.5.10.215
>
>When I execute this request nothing happens, if I hit enter again I
get
>ERR. I have looked at the man pages for squid_ldap_auth but I don't
see
>anything wrong with my request. I need other eyes to take a look at
it.
>
>
>thanks for your time.
>
>
>rick...
>Rom.5:8
>
>
>
>>>>Henrik Nordstrom <hno@squid-cache.org> 7/27/2004 5:24:30 PM >>>
>>>>
>>>>
>On Tue, 27 Jul 2004, Rick Whitley wrote:
>
>
>
>>Thanks for the info. When I run ldapsearch I get the following
>>
>>
>message:
>
>
>>SASL/EXTERNAL authentication started
>>ldap_sasl_interactive_bind_s: unknown authentication method (86)
>> additional info: SASL(-4): no mechanism available:
>>
>>
>
>man ldapsearch, look for sasl.
>
>(-x option)
>
>Regards
>Henrik
>
>
>
>
Received on Wed Jul 28 2004 - 08:47:14 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Aug 01 2004 - 12:00:03 MDT