[squid-users] squid_ldap_auth just hangs

From: Ben Stokes <ben_at_ukstokes.com>
Date: Thu, 11 Jun 2009 21:41:39 +0100

Hi all,

I'm unable to get squid_ldap_auth to do anything against my LDAP
source which is a Windows 2003 native mode domain controller. Here's
my latest iteration of failed attempts, although I have also tried
many variations of the below.

/usr/lib64/squid/squid_ldap_auth \
-b "dc=corp,dc=ads" \
-h 10.11.2.48 \
-p 389 \
-D "CN=svc_squid,OU=Service Accounts,OU=Service & Admin Accounts,DC=corp,DC=ads" \
-w password \
-f "sAMAccountName=%s"

What happens next is nothing - it just sits at a new line. Doesn't
seem to ever time out or give any kind of output, even if I try using
the -c or -t options. I can telnet to my dc on port 389 and it
connects OK so I know network/DNS are working OK. The user account is
new and the password is OK. I tried using -v 2 and -v 3 and neither
worked.

I tested using ldapsearch and it was successful, using:

ldapsearch -x \
-b "OU=Service Accounts,OU=Service & Admin Accounts,DC=corp,DC=ads" \
-h 10.11.2.48 \
-D "CN=svc_squid,OU=Service Accounts,OU=Service & Admin Accounts,DC=corp,DC=ads" \
-W "cn=sqlmailbox"

... I get a load of information back about the user account.

# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1

What am I doing wrong with squid_ldap_auth? I've tried it on 2 servers
and the same thing happens (Red Hat x64 and Ubuntu x32), so it's not
distro related or due to a specific version of Squid. I'm guessing I
am missing some options but reading through the help file and mailing
list archive is not getting me anywhere. Any thoughts welcomed.

Yours in confusion,
Ben Stokes
Received on Thu Jun 11 2009 - 20:41:52 MDT
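
squid_ldap_auth is a Squid basic-auth helper: it reads one "username password" line per request on stdin and answers OK or ERR on stdout, so when started by hand with no input it waits silently. The wrapper below is an added example, not part of the original post or of Squid; it feeds a helper one credential pair under a timeout. The names esc, probe_helper, HELPER_TIMEOUT and the stub helper are constructed for illustration, and it assumes coreutils `timeout` is installed.

```shell
#!/bin/sh
# Added example; esc, probe_helper and HELPER_TIMEOUT are hypothetical names.

# Escape '%' (escape introducer) and ' ' (field separator) so the line stays
# two fields. Assumes the helper URL-unescapes its input, as Squid's bundled
# basic-auth helpers do.
esc() { printf '%s' "$1" | sed -e 's/%/%25/g' -e 's/ /%20/g'; }

# probe_helper USER PASS HELPER [ARGS...]
# Prints OK, ERR, TIMEOUT or NOREPLY; returns 0 for OK, 1 for ERR, 2 otherwise.
probe_helper() {
    ph_user=$(esc "$1"); ph_pass=$(esc "$2"); shift 2
    ph_status=0
    # One request line on stdin, then EOF. A helper that was only waiting for
    # input answers at once; one that still blocks is stuck elsewhere (for
    # example in the LDAP connect or bind) and is killed by the timeout.
    ph_reply=$(printf '%s %s\n' "$ph_user" "$ph_pass" |
               timeout "${HELPER_TIMEOUT:-10}" "$@" 2>/dev/null) || ph_status=$?
    if [ "$ph_status" -eq 124 ]; then echo TIMEOUT; return 2; fi
    case $ph_reply in
        OK*)  echo OK;      return 0 ;;
        ERR*) echo ERR;     return 1 ;;
        *)    echo NOREPLY; return 2 ;;
    esac
}

# Constructed stand-in for the real helper so this runs offline: it accepts
# only user "jdoe" with password "s3cret pw" (seen escaped on the wire).
STUB_HELPER='while read -r u p; do
  if [ "$u $p" = "jdoe s3cret%20pw" ]; then echo OK; else echo ERR; fi
done'

probe_helper jdoe 's3cret pw' sh -c "$STUB_HELPER"

# Against the real helper, with the options from the post:
#   probe_helper USER PASS /usr/lib64/squid/squid_ldap_auth -b "dc=corp,dc=ads" \
#       -h 10.11.2.48 -p 389 -D "<bind DN>" -w password -f "sAMAccountName=%s"
```
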
