Re: [squid-users] squid openldap problem

From: Emilio Casbas <ecasbas@dont-contact.us>
Date: Fri, 03 Jun 2005 17:07:28 +0200

Murat Isik wrote:

>Hello,
>
>I am trying to get squid authenticate with openldap. I have googled,
>searched the mail archives and read the mans but it is still not working. My
>slapd.conf:
>
>include /etc/openldap/schema/core.schema
>include /etc/openldap/schema/cosine.schema
>include /etc/openldap/schema/inetorgperson.schema
>include /etc/openldap/schema/nis.schema
>include /etc/openldap/schema/corba.schema
>include /etc/openldap/schema/misc.schema
>include /etc/openldap/schema/openldap.schema
>include /etc/openldap/schema/dyngroup.schema
>include /etc/openldap/schema/java.schema
>include /etc/openldap/schema/redhat/autofs.schema
>
>allow bind_v2
>
>pidfile /var/run/slapd.pid
>argsfile /var/run/slapd.args
>
>database bdb
>suffix "dc=muratisik,dc=homelinux,dc=org"
>rootdn "cn=Manager,dc=muratisik,dc=homelinux,dc=org"
>rootpw ortak_nokta
>
>directory /var/lib/ldap
>
>index objectClass eq,pres
>index ou,cn,mail,surname,givenname eq,pres,sub
>index uidNumber,gidNumber,loginShell eq,pres
>index uid,memberUid eq,pres,sub
>index nisMapName,nisMapEntry eq,pres,sub
>
>
>my openldap ldif:
>
>version: 1
>
># LDIF Export for: dc=muratisik,dc=homelinux,dc=org
># Generated by phpLDAPadmin ( http://phpldapadmin.sourceforge.net/ ) on June 3, 2005 4:05 pm
># Server: My LDAP Server (127.0.0.1)
># Search Scope: sub
># Search Filter: (objectClass=*)
># Total Entries: 6
>
># Entry 1: dc=muratisik,dc=homelinux,dc=org
>dn: dc=muratisik,dc=homelinux,dc=org
>dc: muratisik
>o: muratisik.homelinux.org
>objectClass: dcObject
>objectClass: organization
>objectClass: top
>
># Entry 2: cn=Manager,dc=muratisik,dc=homelinux,dc=org
>dn: cn=Manager,dc=muratisik,dc=homelinux,dc=org
>cn: Manager
>objectClass: organizationalRole
>objectClass: top
>
># Entry 3: ou=squid,dc=muratisik,dc=homelinux,dc=org
>dn: ou=squid,dc=muratisik,dc=homelinux,dc=org
>ou: squid
>objectClass: top
>objectClass: organizationalUnit
>
># Entry 4: uid=murat,ou=squid,dc=muratisik,dc=homelinux,dc=org
>dn: uid=murat,ou=squid,dc=muratisik,dc=homelinux,dc=org
>uid: murat
>givenName: Murat
>sn: Isik
>cn: muratisik
>userPassword: secret
>loginShell: /bin/bash
>uidNumber: 504
>gidNumber: 504
>homeDirectory: /home/murat
>shadowMin: -1
>shadowMax: 999999
>shadowWarning: 7
>shadowInactive: -1
>shadowExpire: -1
>shadowFlag: 0
>objectClass: top
>objectClass: person
>objectClass: posixAccount
>objectClass: shadowAccount
>objectClass: inetOrgPerson
>
># Entry 5: uid=tester,ou=squid,dc=muratisik,dc=homelinux,dc=org
>dn: uid=tester,ou=squid,dc=muratisik,dc=homelinux,dc=org
>uid: tester
>givenName: tester
>sn: tester
>cn: tester
>userPassword: tester
>loginShell: /bin/bash
>uidNumber: 505
>gidNumber: 505
>homeDirectory: /home/tester
>shadowMin: -1
>shadowMax: 999999
>shadowWarning: 7
>shadowInactive: -1
>shadowExpire: -1
>shadowFlag: 0
>objectClass: top
>objectClass: person
>objectClass: posixAccount
>objectClass: shadowAccount
>objectClass: inetOrgPerson
>
># Entry 6: cn=squid_allowed,ou=squid,dc=muratisik,dc=homelinux,dc=org
>dn: cn=squid_allowed,ou=squid,dc=muratisik,dc=homelinux,dc=org
>cn: squid_allowed
>member: uid=tester,ou=squid,dc=muratisik,dc=homelinux,dc=org
>objectClass: groupOfNames
>objectClass: top
>
>
>my squid.conf:
>
>auth_param basic program /usr/lib/squid/squid_ldap_auth -b ou=squid,dc=muratisik,dc=homelinux,dc=org -f (&(uid=%s)(objectClass=inetOrgPerson)) -h 127.0.0.1
>
>
Have you tested the squid_ldap_auth binary on the command line?
From ../squid-2.5.STABLEX/helpers/basic_auth/LDAP, type:

    nroff -man squid_ldap_auth.8 | more

>
>external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -b ou=squid,dc=muratisik,dc=homelinux,dc=org -B ou=squid,dc=muratisik,dc=homelinux,dc=org -F (uid=%s) -f (&(cn=%g)(member=%u)(objectClass=groupOfNames)) -h 127.0.0.1
>
>acl AUTENTIC proxy_auth REQUIRED
>acl INTERNET external ldap_group squid_allowed
>
>http_access allow INTERNET
>http_access allow AUTENTIC INTERNET
>
>
>When I enter the username and password (tester/tester) when the browser pops
>up the squid auth box, I get "Cache Access Denied."
>
>Thanks in advance.
>
>Have a nice day
>
>Murat Isik
>
>
>

-- 
Thanks
Emilio C.
Received on Fri Jun 03 2005 - 09:07:51 MDT
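
The command-line test suggested in the reply, as an added example that is not part of the original message or of Squid. It assumes each helper reads one request line on stdin and answers OK or ERR. Helper paths and options are taken from the quoted squid.conf; the names `ask`, `diagnose` and `check_helpers.sh` are hypothetical.

```shell
#!/bin/sh
# Added example: feed Squid's LDAP helpers one request line each, as Squid does.
# Helper paths, base DN and filters are copied from the squid.conf quoted above.
# On a shell command line the filters must be quoted because of "&" and "()".
BASE='ou=squid,dc=muratisik,dc=homelinux,dc=org'

auth_helper() {    # stdin: "user password"  stdout: OK or ERR
    /usr/lib/squid/squid_ldap_auth -b "$BASE" \
        -f '(&(uid=%s)(objectClass=inetOrgPerson))' -h 127.0.0.1
}

group_helper() {   # stdin: "user group"     stdout: OK or ERR
    /usr/lib/squid/squid_ldap_group -b "$BASE" -B "$BASE" -F '(uid=%s)' \
        -f '(&(cn=%g)(member=%u)(objectClass=groupOfNames))' -h 127.0.0.1
}

# ask LINE HELPER: send one line, reduce the first reply line to OK/ERR/NONE.
# The helper's stderr is left visible so LDAP errors can be read.
ask() {
    line=$1; shift
    reply=$(printf '%s\n' "$line" | "$@" | head -n 1) || true
    case $reply in
        OK*)  echo OK ;;
        ERR*) echo ERR ;;
        *)    echo NONE ;;   # helper missing, crashed, or printed nothing
    esac
}

# diagnose USER PASSWORD GROUP: say which of the two steps rejects the login.
diagnose() {
    auth=$(ask "$1 $2" auth_helper)
    case $auth in
        NONE) echo helper-error; return 0 ;;
        ERR)  echo auth-failed;  return 0 ;;   # the proxy_auth step fails
    esac
    group=$(ask "$1 $3" group_helper)
    case $group in
        OK)   echo allowed ;;
        ERR)  echo group-denied ;;             # password fine, group ACL fails
        *)    echo helper-error ;;
    esac
}

# Run as: sh check_helpers.sh tester tester squid_allowed
if [ "$#" -eq 3 ]; then diagnose "$@"; fi
```

The password given as an argument is visible in the process list while the script runs, so use a test account such as the `tester` entry.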
