[squid-users] Problem with squid_ldap_auth

From: yconan <yahn_ick@dont-contact.us>
Date: Wed, 3 Nov 2004 10:50:33 +0100

Hi all,

I've installed a proxy server on a Fedora Core 2 PC. It works. (I use Squid
2.5.STABLE5)
I've installed an LDAP server on another Fedora Core 2 PC. It also works. (I
can configure kmail on a Mandrake 10 client to receive data from the LDAP
server).
I've configured squid.conf to reject a client which is not authenticated with
his LDAP login and LDAP password.

In squid.conf I have:
auth_param basic program /usr/lib/squid/squid_ldap_auth -b dc=IMC,dc=com -D
cn=admin,dc=IMC,dc=com -w password -f (&(objectclass=person) (cn=%s)) -h
192.168.1.60
auth_param basic children 5
auth_param basic realm Identification ldap pour SQUID
auth_param basic credentialsttl 2 hours
.....
acl ldap-auth proxy_auth REQUIRED
http_access deny !ldap-auth

The configuration of the test user in LDAP is:

dn: cn=yconan,ou=Production,dc=IMC,dc=com
objectclass: person
objectclass: organizationalPerson
cn:yconan
sn: Conan
telephoneNumber: 2563
description: user test
userPassword: yann

When I try to connect to a website with my web browser, I have to give
a login and a password in a dialog box, and the result
in /var/log/squid/access.log is this one:
1099476977.386 86 192.168.1.42 TCP_DENIED/407 1714 GET
http://www.google.fr/ yconan NONE/- text/html

Then, to try to find where the problem is, I did this on the command line:
# ./squid_ldap_auth -P -R -b 'dc=IMC,dc=com' -D 'cn=admin,dc=IMC,dc=com' -w
password -f 'cn=%s' -h 192.168.1.40
yconan yann
squid_ldap_auth: WARNING, could not bind to binddn 'Protocol error'
squid_ldap_auth: WARNING, could not bind to binddn 'Protocol error'
ERR
# ./squid_ldap_auth -b 'dc=IMC,dc=com' -D 'cn=admin,dc=IMC,dc=com' -w secret
-h 192.168.1.40
yconan yann
ERR

I've installed an LDAP client on my Squid server, and I am able to connect to
my LDAP server: I can make successful "ldapsearch" and "ldapadd" calls from my
Squid server to my LDAP server.

Do you have any ideas about my problem?

Best regards,
Yann Conan
Received on Wed Nov 03 2004 - 02:47:26 MST
