Re: [squid-users] ldap auth testing

From: Tim Neto <tneto@dont-contact.us>
Date: Wed, 28 Jul 2004 11:46:18 -0400

Hello Rick,

I went back and double checked my notes. squid_ldap_auth expects the
following input.

    echo "userPassword: <password>" | <path>/squid_ldap_auth -h <ldap server> -p <port> -P -b <ldap root> -f "uid=<user ID>"

You may have other options for squid_ldap_auth than what I use. Like
"-x" for example.

This should help though.

Tim

-----------------------------------------------------------
Timothy E. Neto
 Computer Systems Engineer Komatsu Canada Limited
 Ph#: 905-625-6292 x265 1725B Sismet Road
 Fax: 905-625-6348 Mississauga, Canada
 E-Mail: tneto@komatsu.ca L4W 1P9
-----------------------------------------------------------

Rick Whitley wrote:

>Thanks for the tip, but I can't seem to make it work. I know that the id
>and password are correct because I use them from another system (radius)
>to authenticate via ldap. Here is what I am getting:
>
>proxy2:echo "ctdlaptop f0ulb3ast" |
>/usr/local/squid/libexec/squid_ldap_auth -b "ou=academics,o=dbu" -D
>"cn=LDAPUser,ou=users,o=dbu" -w "n0neshall" -h 10.5.10.215
>/usr/local/squid/libexec/squid_ldap_auth: line 1: ctdlaptop: command
>not found
>
>I'm confused!
>
>rick...
>Rom.5:8
>
>
>
>>>>Tim Neto <tneto@komatsu.ca> 7/28/2004 8:03:12 AM >>>
>>>>
>>>>
>
>A little trick not in the man pages or the docs.
>
>When testing squid_ldap_auth or squid_ldap_group from the unix (Linux)
>shell, you must pipe the username and password information into the
>program. This is what Squid itself does. This stumped me for a bit
>early on.
>
>echo "<username>
><password>" | squid_ldap_auth -options...
>
>Otherwise, when testing all you will get is "ERR".
>
>Tim
>
>-----------------------------------------------------------
>Timothy E. Neto
> Computer Systems Engineer Komatsu Canada Limited
> Ph#: 905-625-6292 x265 1725B Sismet Road
> Fax: 905-625-6348 Mississauga, Canada
> E-Mail: tneto@komatsu.ca L4W 1P9
>-----------------------------------------------------------
>
>
>
>Rick Whitley wrote:
>
>>I got ldapsearch to work. I used the -x option to use a simple bind.
>>Amazing how much you find out when you read "all" the options instead of
>>stopping at the first one you need. Thanks for all the responses. Now I
>>know that squid can communicate with ldap, but I still can't get a
>>response from squid_ldap_auth. Here is my request:
>>
>>squid_ldap_auth -b "ou=academics,o=dbu" -f "cn=whitleyr" -u cn -D
>>"cn=LDAPUser,ou=users,o=dbu" -w "n0neshall" -h 10.5.10.215
>>
>>When I execute this request nothing happens, if I hit enter again I get
>>ERR. I have looked at the man pages for squid_ldap_auth but I don't see
>>anything wrong with my request. I need other eyes to take a look at it.
>>thanks for your time.
>>
>>rick...
>>Rom.5:8
>>
>>>>>Henrik Nordstrom <hno@squid-cache.org> 7/27/2004 5:24:30 PM >>>
>>
>>On Tue, 27 Jul 2004, Rick Whitley wrote:
>>
>>>Thanks for the info. When I run ldapsearch I get the following message:
>>>
>>>SASL/EXTERNAL authentication started
>>>ldap_sasl_interactive_bind_s: unknown authentication method (86)
>>> additional info: SASL(-4): no mechanism available:
>>
>>man ldapsearch, look for sasl.
>>
>>(-x option)
>>
>>Regards
>>Henrik
Received on Wed Jul 28 2004 - 09:46:32 MDT
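
Added example (not part of the original thread and not Squid's own code): a shell harness that pipes credentials into a basic-auth helper on stdin, as discussed in the thread, and reads back OK or ERR, without putting the user's password in argv or shell history. It assumes the usual Squid basic-auth helper convention of one `username password` line with percent-encoded fields; `encode_field`, `check_helper` and `stub_helper` are hypothetical names, and the stub with its constructed credentials stands in for squid_ldap_auth so the block runs offline.

```shell
#!/bin/sh
# Added example: drive a Squid basic-auth helper from the shell.
# Assumption: the helper reads "user password" lines on stdin, with each
# field percent-encoded, and answers OK or ERR on stdout.

# Percent-encode the characters that would break the line protocol:
# '%' first (so existing escapes stay literal), then the space separator.
# The value travels on stdin of sed, never in another process's argv.
encode_field() {
    printf '%s' "$1" | sed -e 's/%/%25/g' -e 's/ /%20/g'
}

# check_helper USER PASS HELPER [HELPER-ARGS...]
# Sends one request line and returns 0 only if the reply starts with OK.
check_helper() {
    user=$1
    pass=$2
    shift 2
    reply=$(printf '%s %s\n' "$(encode_field "$user")" \
                             "$(encode_field "$pass")" | "$@" | head -n 1)
    case $reply in
        OK*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Constructed stand-in for the real helper: accepts only the made-up
# pair alice / "s3cret pw" (seen here in its encoded form).
stub_helper() {
    while IFS=' ' read -r u p; do
        if [ "$u" = "alice" ] && [ "$p" = "s3cret%20pw" ]; then
            echo OK
        else
            echo ERR
        fi
    done
}

# Offline demonstration against the stub.
check_helper alice "s3cret pw" stub_helper && echo "stub: OK"

# Against a real helper, read the password with echo off first, e.g.:
#   stty -echo; IFS= read -r pw; stty echo
#   check_helper <user> "$pw" <path>/squid_ldap_auth <your options>
```
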