Re: [squid-users] Repeated LDAP auth login prompt problem.

From: Chris Rosset <Chris.Rosset@dont-contact.us>
Date: Fri, 21 Sep 2007 16:38:05 -0400

Just checking back,
Anyone know how to solve this repeated authentication prob?
I meant to say I think it's a problem with squid_ldap_group, not
squid_ldap_auth (I think).

Trying it on the command line returns successful info:

/usr/local/squid2.6.16/libexec/squid_ldap_group -d -b
"cn=Organization,cn=Businesswire Employees,o=businesswire.com" -f
cn=nointernet uniquemember=uid=dmerrill* -h sfapp2.businesswire.com
dmerrill <password>

returns results such as:
connected OK
group filter 'cn=nointernet', searchbase
'cn=Organization,cn=Businesswire Employees,o=businesswire.com'
OK

>>> "Chris Rosset" <Chris.Rosset@businesswire.com> 9/19/2007 3:41:54 PM
>>>
I am having a problem with LDAP auth/Squid. Certain restricted users
are being prompted multiple times for auth even though it should be
cached.

This behaviour happens with a site such as
http://www.euroinvestor.co.uk/
and many others as well. It prompts them for the initial webpage, then
for various ads on the page as well.

This also did not happen in squid2.5.6 but happens constantly in
squid2.6.14 or squid2.6.16. I am guessing it's some LDAP config setting,
but who knows.

Config info etc:
Squid Cache: Version 2.6.STABLE16
configure options: '--prefix=/usr/local/squid2.6.16'
'--enable-basic-auth-helpers=LDAP'
'--enable-external-acl-helpers=ldap_group' '--enable-storeio=aufs,ufs

entries in squid.conf:
auth_param basic program /usr/local/squid2.6.16/libexec/squid_ldap_auth -d -P -b o=businesswire.com -h servername.businesswire.com -f (uid=%s)

auth_param basic children 15
auth_param basic realm Business Wire Internet logon - Use InsideTrak username and password to log on
auth_param basic credentialsttl 1 minute
auth_param basic casesensitive off

external_acl_type sfapp2ldapgroup %LOGIN /usr/local/squid2.6.16/libexec/squid_ldap_group -d -b "cn=Organization,cn=Businesswire Employees,o=businesswire.com" -f (&(cn=%a)(uniquemember=uid=%v*)) -h sfapp2.businesswire.com

Or maybe it's an ACL thing, but I can't figure out why it worked in
squid2.5.6 but not in 2.6.16 with the same squid.conf config
parameters.
Debugging is on in the logs and login activity is shown.

Thanks
Received on Fri Sep 21 2007 - 14:38:33 MDT
