[squid-users] LDAP + SQUID = AUTH ERROR

From: Arias, Sebastian Alejandro - (Ext Arg) <[email protected]>
Date: Fri, 22 Aug 2003 12:43:55 -0300

Hello,

        I receive ERR messages at every time that I try to autenticate users
with the squid_auth_ldap script.

        I tried with:

        ./squid_auth_ldap -S 192.168.1.12 -D
"CN=username,OU=ITS,OU=Sistemas,OU=Cuentas de
usuario,dc=ar,dc=attla,dc=corp" -s "dc=ar,dc=attla,dc=corp" -w password -e
-U sAMAccountName

or with:

./squid_auth_ldap -S 192.168.1.12 -D
"CN=username,OU=ITS,OU=Sistemas,OU=Cuentas de
usuario,dc=ar,dc=attla,dc=corp" -s "dc=ar,dc=attla,dc=corp" -w password -e

I receive the following debug output:

[root@localhost auth]# ./squid_auth_ldap -S 192.168.1.12 -D
"CN=username,OU=ITS,OU=Sistemas,OU=Cuentas de
usuario,dc=ar,dc=attla,dc=corp" -s "dc=ar,dc=attla,dc=corp" -w password -e
squid_auth_ldap[11578]: - trying to connect to: 192.168.1.12:389
squid_auth_ldap[11578]: - connected to ldapServer 192.168.1.12:389
squid_auth_ldap[11578]: - bound to 192.168.1.12 as
CN=username,OU=ITS,OU=Sistemas,OU=Cuentas de usuario,dc=ar,dc=attla,dc=corp
squid_auth_ldap[11578]: - ready
USERX PASS
squid_auth_ldap[11578]: - got User: USERX
squid_auth_ldap[11578]: - got Password: th.l37kXYGZaI
squid_auth_ldap[11578]: - searchstr:
(&(|(objectClass=inetOrgPerson)(objectClass=alias)) (|
(sAMAccountName=USERX)))
squid_auth_ldap[11578]: - start searching for sAMAccountName: USERX
squid_auth_ldap[11578]: - search done
squid_auth_ldap[11578]: - user "USERX", not found!
ERR
squid_auth_ldap[11578]: - usr seba -> Cannot find user!

But if I try to take the list of users at this directory with the ldapsearch
I receive the following ...

[root@localhost auth]# ldapsearch -x -h 192.168.1.12 -D
'cn=user,ou=its,ou=sistemas,ou=cuentas de usuario,dc=ar,dc=attla,dc=corp' -w
password -b 'ou=cuentas de usuario,dc=ar,dc=attla,dc=corp' | more
version: 2

#
# filter: (objectclass=*)
# requesting: ALL
#

# Cuentas de Usuario,DC=ar,DC=attla,DC=corp
dn: OU=Cuentas de Usuario,DC=ar,DC=attla,DC=corp
dSCorePropagationData: 20010806213146.0Z
dSCorePropagationData: 16010101000001.0Z
instanceType: 4
distinguishedName: OU=Cuentas de Usuario,DC=ar,DC=attla,DC=corp
objectCategory:
CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=attla,DC=
 corp
objectClass: top
objectClass: organizationalUnit
objectGUID:: jWkEzCuY+EyBd6ZwJ7mWCg==
ou: Cuentas de Usuario
name: Cuentas de Usuario
uSNChanged: 10137458
uSNCreated: 29434
whenChanged: 20030804173421.0Z
whenCreated: 20010509144412.0Z

# Marco Regulatorio,Cuentas de Usuario,DC=ar,DC=attla,DC=corp
dn: OU=Marco Regulatorio,OU=Cuentas de Usuario,DC=ar,DC=attla,DC=corp
dSCorePropagationData: 20030804173421.0Z
dSCorePropagationData: 20030731190136.0Z
dSCorePropagationData: 20030724181152.0Z
dSCorePropagationData: 20010806213146.0Z
dSCorePropagationData: 16010714223649.0Z
instanceType: 4
distinguishedName: OU=Marco Regulatorio,OU=Cuentas de
Usuario,DC=ar,DC=attla,D
 C=corp
objectCategory:
CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=attla,DC=
 corp
objectClass: top
objectClass: organizationalUnit
objectGUID:: Fs/17ZKb+0Gam/YB63mHFg==
ou: Marco Regulatorio
name: Marco Regulatorio
uSNChanged: 74641
uSNCreated: 74641
whenChanged: 20010531185741.0Z
whenCreated: 20010531185741.0Z

and blah ...

I think that the path to reach the authtentication Its fine, would you think
because the script can't find the user? ....

TIA

_________________________________________
Sebasti�n Arias
Infraestructure & Technologies
AT&T Lat�n Am�rica, Argentina
Phone: [5411]5288-0524 - Fax: [5411]5288-0408

Este mensaje es confidencial. El mismo contiene informaci�n reservada
y que no puede ser difundida. Si usted ha recibido este e-mail
por error, por favor av�senos inmediatamente v�a e-mail y tenga la
amabilidad de eliminarlo de su sistema; no deber� copiar el mensaje
ni divulgar su contenido a ninguna persona. Muchas gracias.
 
This message is confidential. It contains information that is privileged and
legally exempt from disclosure. If you have received this e-mail by mistake,

please let us know immediately by e-mail and delete it from your system;
you should also not copy the message nor disclose its contents to anyone.
Thank You.
Received on Fri Aug 22 2003 - 09:47:40 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:04 MST