Tue 2006-12-19 at 16:07 +0100, michael.2006@gmx.net wrote:
> I'm using squid_ldap_auth to authenticate against our LDAP server.
> Our LDAP server accepts only ldaps (port 636) and anonymous simple bind is disabled.
> And now my problem... squid_ldap_auth doesn't work:
> $ echo "<user> <password>" | /usr/local/squid/libexec/squid_ldap_auth -u cn -b o=xxx -f "(&(cn=<user>)(groupMembership=cn=xxx,o=xxx))" -H ldaps://server.domain -v 3 -Z
> Could not Activate TLS connection

Hmm.. I don't think you can mix both ldaps (LDAP over SSL/TLS) and TLS
(TLS encryption within LDAP).. That would be double encryption and
probably not supported by either OpenLDAP or your server. Try without
-Z.

Also note that ldaps is considered obsolete, and any new LDAPv3
implementations should use TLS instead. ldaps is only specified for
LDAPv2. But most LDAPv3 implementations that also support LDAPv2 support
ldaps for LDAPv3 as well.

Also if anonymous simple bind is disabled then you need to provide an
account squid_ldap_auth should use while performing the searches. But
that's the next step in the process after the connection has been
established..

Regards
Henrik
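
The two points raised in the reply above, as an added example that is not part of the original message or of squid: a small lint for a squid_ldap_auth argument list. It assumes, as in this thread, that the directory refuses anonymous simple bind; the function name, the bind DN and the secret file path are hypothetical, and the cleartext check goes one step beyond what the thread discusses.

```shell
#!/bin/sh
# Added example: flag an ldaps:// + -Z mix, an unencrypted ldap:// URI, and a
# missing bind DN in a squid_ldap_auth argument list.
check_ldap_helper_args() {
    uri="" starttls=0 binddn=0 issues=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -H) uri="${2-}"; [ $# -gt 1 ] && shift ;;
            -Z) starttls=1 ;;
            -D) binddn=1; [ $# -gt 1 ] && shift ;;
            # Options that take a value: skip the value so it is never
            # parsed as a flag (a password could start with "-").
            -b|-f|-u|-v|-w|-W) [ $# -gt 1 ] && shift ;;
        esac
        shift
    done
    case "$uri" in
        ldaps://*)
            if [ "$starttls" -eq 1 ]; then
                echo "conflict: ldaps:// URI already uses SSL/TLS; drop -Z"
                issues=1
            fi ;;
        ldap://*)
            if [ "$starttls" -eq 0 ]; then
                echo "cleartext: ldap:// without -Z sends the bind password unencrypted"
                issues=1
            fi ;;
    esac
    if [ "$binddn" -eq 0 ]; then
        echo "no-binddn: searches need -D <binddn> with -w or -W when anonymous bind is disabled"
        issues=1
    fi
    [ "$issues" -eq 0 ] && echo "ok"
    return "$issues"
}

# Command line from the original post (placeholders as posted): reports the
# ldaps/-Z conflict and the missing bind DN.
check_ldap_helper_args -u cn -b o=xxx -f "(&(cn=<user>)(groupMembership=cn=xxx,o=xxx))" \
    -H ldaps://server.domain -v 3 -Z || true
# Constructed corrected form; bind DN and secret file path are hypothetical.
check_ldap_helper_args -u cn -b o=xxx -f "(&(cn=%s)(groupMembership=cn=xxx,o=xxx))" \
    -H ldaps://server.domain -v 3 -D cn=squid,o=xxx -W /usr/local/squid/etc/ldap.secret || true
```

Reading the bind password from a file with -W keeps it out of the process list and out of squid.conf, which -w does not.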