[squid-users] LDAPv3 problems

From: Mike Branda <mike@dont-contact.us>
Date: Fri, 21 Jul 2006 16:06:21 -0400

Hello!

I am using squid-2.5.STABLE5-42.21 to access openldap2-2.2.27-6 LDAPv3.
I am running SuSE, which includes 2 versions of squid ldap auth via RPM.
They are:

:~ # which squid_ldap_auth
/usr/sbin/squid_ldap_auth

:~ # which squid_ldapauth
/usr/sbin/squid_ldapauth

In trying to test the commands from the CLI, I can get squid_ldapauth to
connect to the server via a test account with an /etc/squid_ldapauth.conf
file of:

#
ldap-server : pdc.wackyworld.tv
ldap-port : 389
ldap-suffix : dc=wackyworld,dc=tv
ldap-filter : (uid=%s)
ldap-passwdfield: userPassword
ldap-binddn : uid=bobo,ou=Users,dc=wackyworld,dc=tv
ldap-password : bobo1

but I get this in the logs:

Jul 21 14:39:45 pdc slapd[26580]: conn=739 fd=16 ACCEPT from
IP=#removed#:38137 (IP=0.0.0.0:389)
Jul 21 14:39:45 pdc slapd[26580]: conn=739 op=0 BIND
dn="uid=bobo,ou=Users,dc=wackyworld,dc=tv" method=128
Jul 21 14:39:45 pdc slapd[26580]: conn=739 op=0 RESULT tag=97 err=2
text=historical protocol version requested, use LDAPv3 instead
Jul 21 14:39:45 pdc slapd[26580]: conn=739 fd=16 closed

So it's trying LDAPv2.

The only options for this command are

usage: squid_ldapauth [-h] [-v] [-q] [-l]
   -h this help text
   -v verbose mode - default is off
   -q log queries - default is off
   -l togle usage of syslog - default is on

so I can't use v3.

The other command:

squid_ldap_auth never connects. It just sits at a new line and never
returns to the prompt without a ctrl-c. I've tried many different
variations of:

squid_ldap_auth -b "ou=Users,dc=wackyworld,dc=tv" -s sub -h
pdc.wackyworld.tv -p 389 -v 3 -f "uid=%s"

including using several -D dn's -w "passwords" that are acl'd in LDAP
for all access. Still no connect in the LDAP logs and the program hangs
at a new line.

Any ideas? I can ldapsearch with success all day from the same machine
squid resides on. It works fine. Why won't squid_ldap_auth connect?
How can I debug? I see nothing in syslog and the man page says:

--snip--

       Debug mode where each step taken will get reported in detail.
              Useful for understanding what goes wrong if the results is
not what is expected.

--/snip--

at the end but no option flag is listed. I've tried strace but see
nothing useful.

Thanks.

Mike Branda
Received on Fri Jul 21 2006 - 14:06:22 MDT
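
Added example (not part of the original message, and not code from the Squid or OpenLDAP projects): a Python script that rejoins mail-wrapped slapd syslog lines like those quoted above and reports the connections whose bind was refused with err=2 and the "historical protocol version" text, which identifies clients still binding with LDAPv2. The sample log is constructed: the conn=740 records and the 192.0.2.x client addresses are made up for illustration.

```python
import re

# Constructed sample: conn=739 mirrors the mail-wrapped lines quoted in the
# message; conn=740 and the 192.0.2.x client addresses are made up.
SAMPLE_LOG = """\
Jul 21 14:39:45 pdc slapd[26580]: conn=739 fd=16 ACCEPT from
IP=192.0.2.10:38137 (IP=0.0.0.0:389)
Jul 21 14:39:45 pdc slapd[26580]: conn=739 op=0 BIND
dn="uid=bobo,ou=Users,dc=wackyworld,dc=tv" method=128
Jul 21 14:39:45 pdc slapd[26580]: conn=739 op=0 RESULT tag=97 err=2
text=historical protocol version requested, use LDAPv3 instead
Jul 21 14:39:45 pdc slapd[26580]: conn=739 fd=16 closed
Jul 21 14:40:02 pdc slapd[26580]: conn=740 fd=16 ACCEPT from IP=192.0.2.11:38200 (IP=0.0.0.0:389)
Jul 21 14:40:02 pdc slapd[26580]: conn=740 op=0 BIND dn="uid=bobo,ou=Users,dc=wackyworld,dc=tv" method=128
Jul 21 14:40:02 pdc slapd[26580]: conn=740 op=0 RESULT tag=97 err=0 text=
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")  # syslog timestamp
CONN = re.compile(r"slapd\[\d+\]: conn=(\d+) (.*)$")

def rejoin(text):
    """Merge mail-wrapped continuation lines back onto their syslog record."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def ldapv2_rejections(text):
    """Connections whose BindResponse (tag=97) carried err=2 (protocolError)
    with slapd's 'historical protocol version' text, i.e. an LDAPv2 bind."""
    conns = {}
    for m in filter(None, map(CONN.search, rejoin(text))):
        cid, rest = m.groups()
        info = conns.setdefault(cid, {"conn": cid, "client": None, "dn": None, "v2": False})
        if a := re.search(r"ACCEPT from IP=(\S+)", rest):
            info["client"] = a.group(1)
        elif b := re.search(r'BIND dn="([^"]*)"', rest):
            info["dn"] = b.group(1)
        elif re.search(r"RESULT tag=97 err=2 .*historical protocol version", rest):
            info["v2"] = True
    return [c for c in conns.values() if c["v2"]]

if __name__ == "__main__":
    print(ldapv2_rejections(SAMPLE_LOG))
```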
