On 19/04/2012 6:59 p.m., Beto Moreno wrote:
> Hi people.
>
> I had been reading info about squid_ldap_auth vs windows 2003 AD
> server, I have some questions that would like to know if someone can
> clear my brain.
>
> squid 2.7.x.
http://www.squid-cache.org/Versions/v2/2.HEAD/manuals/squid_ldap_auth.html
> When a user has special characters in his password, once the browser
> opens the credential window it won't accept the user password and the
> cache.log says:
>
> squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
>
> Does someone know this rare thing?
LDAP uses the word "bind" to mean query parameters for searching the
directory/database for something.
Adding the debug (-d) option may explain a bit.
>
> Second, what is the difference between these two settings:
>
> auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v 3
> -b dc=example,dc=local -D cn=squid,cn=Users,dc=example,dc=local -w
> password -f "sAMAccountName=%s" -u uid -P 192.168.50.104:389
> auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v 3
> -b dc=example,dc=local -D "squid_at_example.local" -w password -f
> "sAMAccountName=%s" -u uid -P 192.168.50.104:389
The LDAP account used by Squid (-D option) differs in its representation
syntax. See the LDAP protocol for what it all means.
> Both work.
>
> Last thing, do we need to use a super-user from AD to bind to the AD
> server? or we just need a normal user?
You just said the "squid_at_example.local" account worked. Minimal
privileges are recommended.
Amos
Received on Fri Apr 20 2012 - 14:39:44 MDT
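
An added example (not part of the original thread and not Squid project code): it parses the two helper command lines from the question, shows that they differ only in the form of the -D bind identity, and flags two hardening points that go with the minimal-privileges advice. It assumes the archive's "_at_" stands for "@"; the function names are hypothetical, and -W (secret file) and -Z (TLS) are squid_ldap_auth options that the post does not use.

```python
import shlex

# The two helper command lines from the question, copied from the post
# (assumption: the mail archive's "_at_" stands for "@").
LINE_DN = ('auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v 3 '
           '-b dc=example,dc=local -D cn=squid,cn=Users,dc=example,dc=local -w '
           'password -f "sAMAccountName=%s" -u uid -P 192.168.50.104:389')
LINE_UPN = ('auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v 3 '
            '-b dc=example,dc=local -D "squid_at_example.local" -w password -f '
            '"sAMAccountName=%s" -u uid -P 192.168.50.104:389')

# squid_ldap_auth options that consume the next token as their value.
VALUE_OPTS = {"-v", "-b", "-D", "-w", "-W", "-f", "-u", "-s", "-h", "-p", "-H"}

def parse_helper(line):
    """Split an auth_param line into ({option: value}, [server arguments])."""
    tokens = iter(shlex.split(line)[4:])   # drop 'auth_param basic program <path>'
    opts, servers = {}, []
    for tok in tokens:
        if tok in VALUE_OPTS:
            opts[tok] = next(tokens, "")
        elif tok.startswith("-"):
            opts[tok] = True               # flag without a value, e.g. -P, -d, -Z
        else:
            servers.append(tok)
    return opts, servers

def bind_identity_form(binddn):
    """Classify the -D value: LDAP distinguished name or user@domain style."""
    if "=" in binddn and "," in binddn:
        return "distinguished-name"
    if "@" in binddn or "_at_" in binddn:
        return "user-principal-name"
    return "unknown"

def review(line):
    """Return hardening findings for one helper command line."""
    opts, servers = parse_helper(line)
    findings = []
    if "-w" in opts:
        findings.append("bind password on the command line; -W secretfile keeps it out of squid.conf and ps")
    uses_tls = "-Z" in opts or opts.get("-H", "").startswith("ldaps://")
    if not uses_tls and any(s.endswith(":389") for s in servers):
        findings.append("simple bind over plain LDAP on port 389; passwords cross the network unencrypted")
    return findings
```

Running review() on either line from the post returns both findings; the bind account itself only needs enough rights to search for the sAMAccountName entries.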