[squid-users] Problem with squid_ldap_auth and squid.conf

From: Matthias Dettling <m-dettling@dont-contact.us>
Date: Sat, 12 Feb 2005 23:41:02 +0100

I have a problem with the following configuration line:

authenticate_program /usr/lib/squid/squid_ldap_auth -u CN -b
CN=Users,DC=xyz,DC=local -D CN=Administrator,CN=Users,DC=xyz,DC=local -w
PASSWORD -s sub -f memberOf=CN=Internet,CN=Users,DC=xyz,DC=local IP-ADRESS

The strange thing is, that when I execute the following command on the
command line

echo "USER PASSWORD" | /usr/lib/squid/squid_ldap_auth -u CN -b
CN=Users,DC=xyz,DC=local -D CN=Administrator,CN=Users,DC=xyz,DC=local -w
PASSWORD -s sub -f memberOf=CN=Internet,CN=Users,DC=xyz,DC=local IP-ADRESS

I get an OK, but when I add it to the squid.conf then it doesn't work.
In the access.log then stands this:
Usage: squid_ldap_auth [options] ldap_server_name

         -b basedn (REQUIRED) base dn under which to search
         -f filter search filter to locate user DN
         -u userattr username DN attribute
         -s base|one|sub search scope
         -D binddn DN to bind as to perform searches
         -w bindpasswd password for binddn
         -p persistent LDAP connection
         -R do not follow referrals
         -a never|always|search|find
                                 when to dereference aliases

         If no search filter is specified, then the dn
<userattr>=user,basedn
         will be used (same as specifying a search filter of '<userattr>=',
         but quicker as as there is no need to search for the user DN)

         If you need to bind as a user to perform searches then use the
         -D binddn -w bindpasswd options

This is the normal error message, which you get with invalid parameters.
But that the same command works on the command line tells me, that the
command is correct.

When I use the following configuration line:

authenticate_program /usr/lib/squid/squid_ldap_auth -u CN -b
CN=Users,DC=xyz,DC=local -D CN=Administrator,CN=Users,DC=xyz,DC=local -w
PASSWORD IP-ADRESS

then it works also in the squid.conf.
So I think the parser of the squid.conf truncates the command after
authenticate_program.

When I make a wrapper script with the long command line from above then
it works also, but this is only a temporary solution for me.

Has someone had the same problem and does anyone know a real solution?

Regards
Matthias
Received on Sat Feb 12 2005 - 15:41:40 MST

This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:02 MST