Re: [squid-users] squid_ldap_auth

From: Henrik Nordstrom <[email protected]>
Date: Thu, 6 Nov 2003 00:28:57 +0100 (CET)

On Wed, 5 Nov 2003, Squid Users wrote:

> Ok still stumped,
>
> namingContexts: DC=bdmn,DC=foo,DC=com
> namingContexts: CN=Schema,CN=Configuration,DC=foo,DC=com
> namingContexts: CN=Configuration,DC=foo,DC=com
>
> auth_param basic program /usr/local/squid/bin/squid_ldap_auth -u cn -b
> cn=users,dc=bdmn,dc=foo,dc=com 10.61.1.248
> auth_param basic children 5
>
> I am still unable to authenticate.

Have you verified that the users are named as you think they are?

Try

ldapsearch -x -b "cn=users,dc=bdmn,dc=foo,dc=com" "" CN

this should give you a list of your users in your "users" container and
their CN (CommonName) attributes, each user starting with the DN
(DistinguishedName) of their user object.

Once you have the DN of a user you can inspect the details of this user
using ldapserach

ldapsearch -x -b "DN of a user" -s base ""

You can also try using ldapsearch to login as the user

ldapsearch -x -b "cn=users,dc=bdmn,dc=foo,dc=com" -D
"cn=aloginname,cn=users,dc=bdmn,dc=foo,dc=com" -W "cn=aloginname"

The -D flag specifies the DN of the user you want to log in as.

After these excersises please see the examples in the squid_ldap_auth
manual again.

> auth_param basic program /usr/local/squid/bin/squid_ldap_auth -b
> dc=bdmn,dc=foo,dc=com 10.61.1.248

This certainly won't work with AD. With these parameters the
squid_ldap_auth helper assumes the DN of the user object looks like

   uid=aloginname,dc=bdmn,dc=foo,dc=com

which is not the case in AD or mostly any other LDAP directory.

Regards
Henrik
Received on Wed Nov 05 2003 - 16:29:05 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:09 MST