[squid-users] basic_ldap_auth problem under Fedora

From: Jose-Marcio Martins <Jose-Marcio.Martins_at_mines-paristech.fr>
Date: Mon, 02 Jun 2014 22:23:35 +0200

Hello,

I'm trying to authenticate a Squid server against an OpenLDAP server. It works fine if I don't try
TLS. When I do, by adding the "-Z" option, it doesn't work.

It's a Fedora 20 box running squid 3.3.12.

The helper is defined as follows in squid.conf:

auth_param basic program /usr/lib64/squid/basic_ldap_auth -b "ou=people,dc=domain,dc=fr" -u "uid" -f "(|(mail=%s)(uid=%s))" -Z -h ldap.domain.fr

The Squid-side logs show:

2014/06/02 22:01:54.001 kid1| Starting new basicauthenticator helpers...
2014/06/02 22:01:54.001 kid1| helperOpenServers: Starting 1/5 'basic_ldap_auth' processes
Could not Activate TLS connection
2014/06/02 22:01:54.001 kid1| WARNING: basicauthenticator #1 exited
2014/06/02 22:01:54.001 kid1| Too few basicauthenticator processes are running (need 1/5)
2014/06/02 22:01:54.001 kid1| Starting new helpers
2014/06/02 22:01:54.001 kid1| helperOpenServers: Starting 1/5 'basic_ldap_auth' processes

The OpenLDAP server shows:

Jun 2 22:01:56 paris-1 slapd[24429]: [ID 848112 local4.debug] conn=9893 fd=16 ACCEPT from IP=194.214.158.NNN:36300 (IP=0.0.0.0:389)
Jun 2 22:01:56 paris-1 slapd[24429]: [ID 270379 local4.debug] conn=9893 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Jun 2 22:01:56 paris-1 slapd[24429]: [ID 560212 local4.debug] conn=9893 op=0 STARTTLS
Jun 2 22:01:56 paris-1 slapd[24429]: [ID 875301 local4.debug] conn=9893 op=0 RESULT oid= err=0 text=
Jun 2 22:01:56 paris-1 slapd[24429]: [ID 105384 local4.debug] conn=9893 fd=16 TLS established tls_ssf=128 ssf=128
Jun 2 22:01:56 paris-1 slapd[24429]: [ID 485650 local4.debug] conn=9893 fd=16 closed (connection lost)

It seems that the OpenLDAP server agrees to TLS but the helper dies. Adding the "-d" option doesn't
show anything interesting.

Any hints?

Regards

José-Marcio

Received on Mon Jun 02 2014 - 20:23:49 MDT
