[squid-users] problem with squid and ldap over only SSL

From: <esms11_at_wp.pl>
Date: Tue, 23 Sep 2008 13:23:33 +0200

Hello,
I compiled squid with ldap, among other things.
When I type from the command line:
/squid309/libexec/squid_ldap_auth -v 3 -b
"ou=Users,dc=rockmail,dc=net" -D "cn=admin,dc=rockmail,dc=net" -w
"secretpass" -s one -f "(&(objectClass=posixAccount)(uid=%s))" -H
ldaps://rock.rockmail.net:636
tata tata
OK
everything is all right.

Log from syslog, where ldap is installed:
rock:/var/log# cat syslog
Sep 23 13:11:52 rock slapd[4878]: conn=19 fd=25 ACCEPT from
IP=192.168.5.10:33232 (IP=192.168.5.5:636)
Sep 23 13:11:53 rock slapd[4878]: conn=19 fd=25 TLS established
tls_ssf=128 ssf=128
Sep 23 13:11:53 rock slapd[4878]: conn=19 op=0 BIND
dn="cn=admin,dc=rockmail,dc=net" method=128
Sep 23 13:11:53 rock slapd[4878]: conn=19 op=0 BIND
dn="cn=admin,dc=rockmail,dc=net" mech=SIMPLE ssf=0
Sep 23 13:11:53 rock slapd[4878]: conn=19 op=0 RESULT tag=97 err=0 text=
Sep 23 13:11:53 rock slapd[4878]: conn=19 op=1 SRCH
base="ou=Users,dc=rockmail,dc=net" scope=1 deref=0
filter="(&(objectClass=posixAccount)(uid=tata))"
Sep 23 13:11:53 rock slapd[4878]: conn=19 op=1 SRCH attr=1.1
Sep 23 13:11:53 rock slapd[4878]: conn=19 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
Sep 23 13:11:53 rock slapd[4878]: conn=19 op=2 BIND anonymous
mech=implicit ssf=0
Sep 23 13:11:53 rock slapd[4878]: conn=19 op=2 BIND
dn="uid=tata,ou=Users,dc=rockmail,dc=net" method=128
Sep 23 13:11:53 rock slapd[4878]: conn=19 op=2 BIND
dn="uid=tata,ou=Users,dc=rockmail,dc=net" mech=SIMPLE ssf=0
Sep 23 13:11:53 rock slapd[4878]: conn=19 op=2 RESULT tag=97 err=0 text=
Sep 23 13:11:53 rock slapd[4878]: conn=19 op=3 UNBIND
Sep 23 13:11:53 rock slapd[4878]: conn=19 fd=25 closed

Then I wrote this command line in squid.conf:
squid309/libexec/squid_ldap_auth -v 3 -b "ou=Users,dc=rockmail,dc=net"
-D "cn=admin,dc=rockmail,dc=net" -w "secretpass" -s one -f
"(&(objectClass=posixAccount)(uid=%s))" -H ldaps://rock.rockmail.net:636
After restarting squid, in Firefox I try to connect to, for example,
www.google.com with user tata and password tata, and .......... denied.

Log from syslog on the ldap machine:
rock:/var/log# cat syslog
Sep 23 13:18:06 rock slapd[4878]: conn=21 fd=25 ACCEPT from
IP=192.168.5.10:54229 (IP=192.168.5.5:636)
Sep 23 13:18:06 rock slapd[4878]: conn=21 fd=25 closed (TLS
negotiation failure)
Log from squid:
thunder:/squid309/var/logs# cat cache.log
2008/09/23 10:58:30| Starting Squid Cache version 3.0.STABLE9 for
i586-pc-linux-gnu...
2008/09/23 10:58:30| Process ID 5000
2008/09/23 10:58:30| With 1024 file descriptors available
2008/09/23 10:58:30| Performing DNS Tests...
2008/09/23 10:58:30| Successful DNS name lookup tests...
2008/09/23 10:58:30| DNS Socket created at 0.0.0.0, port 50856, FD 10
2008/09/23 10:58:30| Adding domain rockmail.net from /etc/resolv.conf
2008/09/23 10:58:30| Adding nameserver 192.168.4.13 from /etc/resolv.conf
2008/09/23 10:58:30| helperOpenServers: Starting 5 'squid_ldap_auth'
processes
2008/09/23 10:58:30| Unlinkd pipe opened on FD 22
2008/09/23 10:58:30| Swap maxSize 102400 KB, estimated 2048 objects
2008/09/23 10:58:30| Target number of buckets: 102
2008/09/23 10:58:30| Using 8192 Store buckets
2008/09/23 10:58:30| Max Mem size: 18432 KB
2008/09/23 10:58:30| Max Swap size: 102400 KB
2008/09/23 10:58:30| Version 1 of swap file with LFS support detected...
2008/09/23 10:58:30| Rebuilding storage in /squid309/var/cache (DIRTY)
2008/09/23 10:58:30| Using Least Load store dir selection
2008/09/23 10:58:30| Set Current Directory to /squid309/var/cache
2008/09/23 10:58:31| Loaded Icons.
2008/09/23 10:58:31| Accepting HTTP connections at 192.168.5.10, port
3128, FD 24.
2008/09/23 10:58:31| HTCP Disabled.
Fatal: no entropy gathering module detected
Fatal: no entropy gathering module detected
Why?
I'm very angry, because I don't have any idea.
How do I resolve this problem?
Best Regards,
Bogdan
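A defender-side reading of slapd logs like the ones quoted above, as an added example that is not part of the post or of squid: it groups the syslog lines per conn=N and flags connections whose TLS handshake failed, and, going beyond the post, simple binds that arrive on a connection without TLS (cleartext credentials) and bind results with err=49 (invalidCredentials). The sample log is constructed; conn=19 and conn=21 mirror the post, conn=22 on port 389 is invented for illustration.

```python
import re
# Constructed sample shaped like the post's slapd lines (conn=19, conn=21); conn=22 on plain port 389 is added for illustration.
SAMPLE_SYSLOG = """\
Sep 23 13:11:52 rock slapd[4878]: conn=19 fd=25 ACCEPT from IP=192.168.5.10:33232 (IP=192.168.5.5:636)
Sep 23 13:11:53 rock slapd[4878]: conn=19 fd=25 TLS established tls_ssf=128 ssf=128
Sep 23 13:11:53 rock slapd[4878]: conn=19 op=2 BIND dn="uid=tata,ou=Users,dc=rockmail,dc=net" mech=SIMPLE ssf=0
Sep 23 13:11:53 rock slapd[4878]: conn=19 op=2 RESULT tag=97 err=0 text=
Sep 23 13:18:06 rock slapd[4878]: conn=21 fd=25 ACCEPT from IP=192.168.5.10:54229 (IP=192.168.5.5:636)
Sep 23 13:18:06 rock slapd[4878]: conn=21 fd=25 closed (TLS negotiation failure)
Sep 23 13:20:00 rock slapd[4878]: conn=22 fd=26 ACCEPT from IP=192.168.5.11:40000 (IP=192.168.5.5:389)
Sep 23 13:20:00 rock slapd[4878]: conn=22 op=0 BIND dn="uid=tata,ou=Users,dc=rockmail,dc=net" mech=SIMPLE ssf=0
Sep 23 13:20:00 rock slapd[4878]: conn=22 op=0 RESULT tag=97 err=49 text=
"""

CONN_RE = re.compile(r"slapd\[\d+\]: conn=(\d+) (.*)$")
ACCEPT_RE = re.compile(r"ACCEPT from IP=([\d.]+):\d+ \(IP=[\d.]+:(\d+)\)")
BIND_RE = re.compile(r'op=(\d+) BIND dn="([^"]*)" mech=(\S+)')  # the companion "method=128" line has no mech= and is skipped
RESULT_RE = re.compile(r"op=(\d+) RESULT tag=97 err=(\d+)")  # tag=97 is a bindResponse

def parse_slapd_log(text):
    # Group lines per conn=N, tracking whether TLS came up and how each bind ended.
    conns = {}
    for m in filter(None, map(CONN_RE.search, text.splitlines())):
        c = conns.setdefault(m.group(1), {"client": None, "port": None, "tls": False, "tls_failed": False, "binds": []})
        rest = m.group(2)
        if r := ACCEPT_RE.search(rest):
            c["client"], c["port"] = r.group(1), int(r.group(2))
        elif "TLS established" in rest:
            c["tls"] = True
        elif "TLS negotiation failure" in rest:
            c["tls_failed"] = True
        elif r := BIND_RE.search(rest):  # note whether TLS was already up when this bind arrived
            c["binds"].append({"op": r.group(1), "dn": r.group(2), "mech": r.group(3), "tls": c["tls"], "err": None})
        elif (r := RESULT_RE.search(rest)) and c["binds"] and c["binds"][-1]["op"] == r.group(1):
            c["binds"][-1]["err"] = int(r.group(2))  # bind result for the most recent bind op
    return conns

def findings(conns):
    # (conn, reason) pairs worth a look: failed handshakes, cleartext binds, bad passwords
    out = []
    for cid, c in conns.items():
        if c["tls_failed"]:
            out.append((cid, "TLS handshake failed from %s" % c["client"]))
        for b in c["binds"]:
            if b["mech"] == "SIMPLE" and not b["tls"]:
                out.append((cid, "cleartext simple bind as %s on port %s" % (b["dn"], c["port"])))
            if b["err"] == 49:  # LDAP invalidCredentials
                out.append((cid, "invalid credentials for %s" % b["dn"]))
    return out
```

Run over a real /var/log/syslog, conn=21's "TLS handshake failed" line is the one that corresponds to the squid helper's failure in the post, while a clean run looks like conn=19 and produces no finding.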

Received on Tue Sep 23 2008 - 11:23:37 MDT

This archive was generated by hypermail 2.2.0 : Tue Sep 23 2008 - 12:00:02 MDT