[squid-users] squid+ldap authentication

From: usha <[email protected]>
Date: Fri, 30 Nov 2001 18:08:24 -0000

I Tried to execute ldap_search as user but failed , I could only by anonymous.

how should i tell to use givenName (BIND dn="UID=LARRY,O=USM") _____ as you asked me to do.
 Sorry for asking such a basic Q ! I could,nt find in Mail archieve.

Squid.conf is cinfigured as
authenticate_program /usr/local/squid/bin/squid_ldap_auth ldap.mydomain.com

My slapd.conf file

include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema

database ldbm
suffix "o=usm"
suffix "dc=ldap,dc=usm,dc=com"
rootdn "cn=Admin,dc=ldap,dc=usm,dc=com"
#rootdn "cn=Admin,o=usm"
rootpw secret
directory /usr/local/var/openldap-ldbm/
defaultaccess read
schemacheck on
lastmod on

index cn,sn,st pres,eq,sub
~

Thanks a lot
Usha

> > ----- Original Message -----
> > From: Henrik Nordstrom <hno@squid-cache.org>
> > To: usha mli <usha_mliin@yahoo.co.in>; <squid-users@squid-cache.org>
> > Sent: Tuesday, November 13, 2001 12:23 PM
> > Subject: Re: [squid-users] squid+ldap authenticastion

> And what have you told to the (new) squid_ldap_auth program?
>
> From what it looks you have not told that you want to use givenName
> (BIND dn="UID=LARRY,O=USM"). Also, if you have organised your users into
> different trees/organisation units then you must use the search method
> for locating the user DN.
>
> See the documentation provided with the new squid_ldap_auth program.
>
> Further, from your log it looks like your did not bind as a user when
> you executed ldap_search, but did an anonymous search (BIND dn="").
>
> Regards
> Henrik Nordstr�m
> Squid Hacker
>
>
>
> usha wrote:
> >
> > Thanks for your valuable Information,that I tried with
squid-2.4.STABLE2.But
> > stlill the same problem persists.
> >
> > Here I wnt to use 'givenName' in my ldif file as login name and have
stored
> > password in the same file.
> >
> > My slapdlog file shows the following when i executed
> > ldapsearch command(working OK)
> > and next authenticate squid in command line(but only got
error
> > display)
> > ####
> > Nov 20 17:56:22 ldap slapd[636]: daemon: socket() failed errno=97
(Address
> > famil
> > y not supported by protocol)
> > Nov 20 17:56:22 ldap slapd[638]: slapd starting
> > Nov 20 17:57:55 ldap squid[644]: Squid Parent: child process 646 started
> > Nov 20 17:59:38 ldap slapd[640]: daemon: conn=0 fd=9 connection from
> > IP=127.0.0.
> > 1:1034 (IP=0.0.0.0:34049) accepted.
> > Nov 20 17:59:38 ldap slapd[656]: conn=0 op=0 BIND dn="" method=128
> > Nov 20 17:59:38 ldap slapd[656]: conn=0 op=0 RESULT tag=97 err=0 text=
> > Nov 20 17:59:38 ldap slapd[656]: conn=0 op=1 SRCH base="o=usm" scope=2
> > filter="(
> > userPassword=*)"
> > Nov 20 17:59:39 ldap slapd[656]: conn=0 op=1 SEARCH RESULT tag=101 err=0
> > text=
> > Nov 20 17:59:39 ldap slapd[656]: conn=0 op=2 UNBIND
> > Nov 20 17:59:39 ldap slapd[656]: conn=-1 fd=9 closed
> > Nov 20 18:02:24 ldap slapd[640]: daemon: conn=1 fd=9 connection from
> > IP=127.0.0.
> > 1:1035 (IP=0.0.0.0:34049) accepted.
> > Nov 20 18:02:24 ldap slapd[657]: conn=1 op=0 BIND dn="UID=LARRY,O=USM"
> > method=12
> > 8
> > Nov 20 18:02:24 ldap slapd[657]: conn=1 op=0 RESULT tag=97 err=49 text=
> > Nov 20 18:02:24 ldap slapd[656]: conn=1 op=1 UNBIND
> > Nov 20 18:02:24 ldap slapd[656]: conn=-1 fd=9 closed
> > Nov 20 18:02:29 ldap slapd[640]: daemon: conn=2 fd=9 connection from
> > IP=127.0.0.
> > 1:1036 (IP=0.0.0.0:34049) accepted.
> > ####
> > Thanks and Regards
> > Usha
> >
> > ----- Original Message -----
> > From: Henrik Nordstrom <hno@squid-cache.org>
> > To: usha mli <usha_mliin@yahoo.co.in>; <squid-users@squid-cache.org>
> > Sent: Tuesday, November 13, 2001 12:23 PM
> > Subject: Re: [squid-users] squid+ldap authenticastion
> >
> > > squid_ldap_auth default settings expects a directory using RFC2307
> > structure
> > > with a flat user namespace using uid as the users distinguished name.
> > >
> > > Please upgrade to squid_ldap_auth from Squid-2.4.STABLE2 or later. It
has
> > > undergone a major rewrite to make it easier to integrate with "other"
LDAP
> > > structures, and includes documentation on how to do so.
> > >
> > > First and almost only question you need to ask yourself is: What do
you
> > want
> > > to use as login name?
> > >
> > > Note: Squid is not very happy about spaces in login names.
> > >
> > > Regards
> > > Henrik Nordstr�m
> > > Squid Hacker
> > >
> > >
> > >
> > > On Tuesday 13 November 2001 11.31, usha mli wrote:
> > > > Im using openldap-2.0.18 with Linux 7.1 and its
> > > > working ok.
> > > > I could succeed with the commands ldapadd and
> > > > ldapsearch.
> > > >
> > > > I tried to authenticate squid-2.4.STABLE1, the command
> > > > squid_ldap_auth -b dc=dept,dc=com ldap
> > > > results in Err.
> > > >
> > > >
> > > >
> > > >
> > > > [root@ldap bin]# ldapsearch -x -b
> > > > 'o=Dept'userPassword=*|more userPassword=*|more
> > > > version: 2
> > > >
> > > > #
> > > > # filter: userPassword=*
> > > > # requesting: ALL
> > > > #
> > > >
> > > > # Larry Anderson, MemberGroupA, dept
> > > > dn: cn=Larry Anderson,ou=MemberGroupA,o=dept
> > > > cn: Larry Anderson
> > > > objectClass: top
> > > > objectClass: person
> > > > objectClass: organizationalPerson
> > > > objectClass: inetOrgPerson
> > > > mail: LAnderson@isp.com
> > > > givenName: Larry
> > > > userPassword:: bGFycnk=
> > > > sn: Anderson
> > > > ou: MemberGroupA
> > > > businessCategory: ABC Inc.
> > > > street: 14 Cherry St.
> > > > l: Dallas
> > > > --More--
> > > >
> > > > How could I authenticate squid with Ldap,whether i
> > > > should apply patches for squid-2.4.STABLE1.Plz help in
> > > > this regard
> > > >
> > > > thanks
> > > > usha
> > > >
> > > >
> > > >
> > > > ____________________________________________________________
> > > > Do You Yahoo!?
> > > > Send a newsletter, share photos & files, conduct polls, organize
chat
> > > > events. Visit http://in.groups.yahoo.com
> >
> > _________________________________________________________
> > Do You Yahoo!?
> > Get your free @yahoo.com address at http://mail.yahoo.com


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

Received on Fri Nov 30 2001 - 05:34:37 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:04:44 MST