Re: [squid-users] squid+ldap authentication

From: Henrik Nordstrom <[email protected]>
Date: Tue, 20 Nov 2001 17:34:09 +0100

And what have you told the (new) squid_ldap_auth program?

From what it looks like, you have not told it that you want to use givenName
(BIND dn="UID=LARRY,O=USM"). Also, if you have organised your users into
different trees/organisation units then you must use the search method
for locating the user DN.

See the documentation provided with the new squid_ldap_auth program.

Further, from your log it looks like you did not bind as a user when
you executed ldap_search, but did an anonymous search (BIND dn="").

Regards
Henrik Nordström
Squid Hacker

usha wrote:
>
> Thanks for your valuable information. I tried with squid-2.4.STABLE2, but
> still the same problem persists.
>
> Here I want to use 'givenName' in my ldif file as login name and have stored
> password in the same file.
>
> My slapdlog file shows the following when I executed
> ldapsearch command (working OK)
> and next authenticate squid in command line (but only got error
> display)
> ####
> Nov 20 17:56:22 ldap slapd[636]: daemon: socket() failed errno=97 (Address family not supported by protocol)
> Nov 20 17:56:22 ldap slapd[638]: slapd starting
> Nov 20 17:57:55 ldap squid[644]: Squid Parent: child process 646 started
> Nov 20 17:59:38 ldap slapd[640]: daemon: conn=0 fd=9 connection from IP=127.0.0.1:1034 (IP=0.0.0.0:34049) accepted.
> Nov 20 17:59:38 ldap slapd[656]: conn=0 op=0 BIND dn="" method=128
> Nov 20 17:59:38 ldap slapd[656]: conn=0 op=0 RESULT tag=97 err=0 text=
> Nov 20 17:59:38 ldap slapd[656]: conn=0 op=1 SRCH base="o=usm" scope=2 filter="(userPassword=*)"
> Nov 20 17:59:39 ldap slapd[656]: conn=0 op=1 SEARCH RESULT tag=101 err=0 text=
> Nov 20 17:59:39 ldap slapd[656]: conn=0 op=2 UNBIND
> Nov 20 17:59:39 ldap slapd[656]: conn=-1 fd=9 closed
> Nov 20 18:02:24 ldap slapd[640]: daemon: conn=1 fd=9 connection from IP=127.0.0.1:1035 (IP=0.0.0.0:34049) accepted.
> Nov 20 18:02:24 ldap slapd[657]: conn=1 op=0 BIND dn="UID=LARRY,O=USM" method=128
> Nov 20 18:02:24 ldap slapd[657]: conn=1 op=0 RESULT tag=97 err=49 text=
> Nov 20 18:02:24 ldap slapd[656]: conn=1 op=1 UNBIND
> Nov 20 18:02:24 ldap slapd[656]: conn=-1 fd=9 closed
> Nov 20 18:02:29 ldap slapd[640]: daemon: conn=2 fd=9 connection from IP=127.0.0.1:1036 (IP=0.0.0.0:34049) accepted.
> ####
> Thanks and Regards
> Usha
>
> ----- Original Message -----
> From: Henrik Nordstrom <hno@squid-cache.org>
> To: usha mli <usha_mliin@yahoo.co.in>; <squid-users@squid-cache.org>
> Sent: Tuesday, November 13, 2001 12:23 PM
> Subject: Re: [squid-users] squid+ldap authentication
>
> > squid_ldap_auth default settings expect a directory using RFC2307 structure
> > with a flat user namespace using uid as the users distinguished name.
> >
> > Please upgrade to squid_ldap_auth from Squid-2.4.STABLE2 or later. It has
> > undergone a major rewrite to make it easier to integrate with "other" LDAP
> > structures, and includes documentation on how to do so.
> >
> > First and almost only question you need to ask yourself is: What do you want
> > to use as login name?
> >
> > Note: Squid is not very happy about spaces in login names.
> >
> > Regards
> > Henrik Nordström
> > Squid Hacker
> >
> >
> >
> > On Tuesday 13 November 2001 11.31, usha mli wrote:
> > > I'm using openldap-2.0.18 with Linux 7.1 and it's
> > > working ok.
> > > I could succeed with the commands ldapadd and
> > > ldapsearch.
> > >
> > > I tried to authenticate squid-2.4.STABLE1, the command
> > > squid_ldap_auth -b dc=dept,dc=com ldap
> > > results in Err.
> > >
> > >
> > >
> > >
> > > [root@ldap bin]# ldapsearch -x -b 'o=Dept' userPassword=*|more userPassword=*|more
> > > version: 2
> > >
> > > #
> > > # filter: userPassword=*
> > > # requesting: ALL
> > > #
> > >
> > > # Larry Anderson, MemberGroupA, dept
> > > dn: cn=Larry Anderson,ou=MemberGroupA,o=dept
> > > cn: Larry Anderson
> > > objectClass: top
> > > objectClass: person
> > > objectClass: organizationalPerson
> > > objectClass: inetOrgPerson
> > > mail: LAnderson@isp.com
> > > givenName: Larry
> > > userPassword:: bGFycnk=
> > > sn: Anderson
> > > ou: MemberGroupA
> > > businessCategory: ABC Inc.
> > > street: 14 Cherry St.
> > > l: Dallas
> > > --More--
> > >
> > > How could I authenticate squid with LDAP, and should I
> > > apply patches for squid-2.4.STABLE1? Please help in
> > > this regard.
> > >
> > > thanks
> > > usha
> > >
> > >
> > >
Received on Tue Nov 20 2001 - 10:10:29 MST
