Hello,

I am trying to get Squid to authenticate with OpenLDAP. I have googled,
searched the mail archives and read the man pages, but it is still not working.

My slapd.conf:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/redhat/autofs.schema
allow bind_v2
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
database bdb
suffix "dc=muratisik,dc=homelinux,dc=org"
rootdn "cn=Manager,dc=muratisik,dc=homelinux,dc=org"
rootpw ortak_nokta
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

My OpenLDAP LDIF:

version: 1
# LDIF Export for: dc=muratisik,dc=homelinux,dc=org
# Generated by phpLDAPadmin ( http://phpldapadmin.sourceforge.net/ ) on June 3, 2005 4:05 pm
# Server: My LDAP Server (127.0.0.1)
# Search Scope: sub
# Search Filter: (objectClass=*)
# Total Entries: 6
# Entry 1: dc=muratisik,dc=homelinux,dc=org
dn: dc=muratisik,dc=homelinux,dc=org
dc: muratisik
o: muratisik.homelinux.org
objectClass: dcObject
objectClass: organization
objectClass: top
# Entry 2: cn=Manager,dc=muratisik,dc=homelinux,dc=org
dn: cn=Manager,dc=muratisik,dc=homelinux,dc=org
cn: Manager
objectClass: organizationalRole
objectClass: top
# Entry 3: ou=squid,dc=muratisik,dc=homelinux,dc=org
dn: ou=squid,dc=muratisik,dc=homelinux,dc=org
ou: squid
objectClass: top
objectClass: organizationalUnit
# Entry 4: uid=murat,ou=squid,dc=muratisik,dc=homelinux,dc=org
dn: uid=murat,ou=squid,dc=muratisik,dc=homelinux,dc=org
uid: murat
givenName: Murat
sn: Isik
cn: muratisik
userPassword: secret
loginShell: /bin/bash
uidNumber: 504
gidNumber: 504
homeDirectory: /home/murat
shadowMin: -1
shadowMax: 999999
shadowWarning: 7
shadowInactive: -1
shadowExpire: -1
shadowFlag: 0
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
# Entry 5: uid=tester,ou=squid,dc=muratisik,dc=homelinux,dc=org
dn: uid=tester,ou=squid,dc=muratisik,dc=homelinux,dc=org
uid: tester
givenName: tester
sn: tester
cn: tester
userPassword: tester
loginShell: /bin/bash
uidNumber: 505
gidNumber: 505
homeDirectory: /home/tester
shadowMin: -1
shadowMax: 999999
shadowWarning: 7
shadowInactive: -1
shadowExpire: -1
shadowFlag: 0
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
# Entry 6: cn=squid_allowed,ou=squid,dc=muratisik,dc=homelinux,dc=org
dn: cn=squid_allowed,ou=squid,dc=muratisik,dc=homelinux,dc=org
cn: squid_allowed
member: uid=tester,ou=squid,dc=muratisik,dc=homelinux,dc=org
objectClass: groupOfNames
objectClass: top

My squid.conf:

auth_param basic program /usr/lib/squid/squid_ldap_auth -b ou=squid,dc=muratisik,dc=homelinux,dc=org -f (&(uid=%s)(objectClass=inetOrgPerson)) -h 127.0.0.1
external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -b ou=squid,dc=muratisik,dc=homelinux,dc=org -B ou=squid,dc=muratisik,dc=homelinux,dc=org -F (uid=%s) -f (&(cn=%g)(member=%u)(objectClass=groupOfNames)) -h 127.0.0.1
acl AUTENTIC proxy_auth REQUIRED
acl INTERNET external ldap_group squid_allowed
http_access allow INTERNET
http_access allow AUTENTIC INTERNET

When I enter the username and password (tester/tester) when the browser pops
up the squid auth box, I get "Cache Access Denied."

Thanks in advance.
Have a nice day
Murat Isik

Received on Fri Jun 03 2005 - 08:15:30 MDT