Re: [squid-users] squid_ldap_auth

From: <[email protected]>
Date: Thu, 6 Nov 2003 17:23:03 -0600 (CST)

OK I have Authentication working with the following line.

auth_param basic program /usr/local/squid/bin/squid_ldap_auth -u cn -b
ou=techteam,ou=bdmn-master,dc=bdmn,dc=foo,dc=com 10.61.1.248

I found my account lives in an OU called techteam, my other issue is I
have other OU's at the same level as the ou of techteam.

How can I set my base to dc=bdmn,dc=foo,dc=com and then search below that
for my DN? Also is it possible to have squid authenticate the short or
login name rather than the user name. ie jdoe instead of Jane Doe?

I have some LDAP books on order, maybe this will make more sence to be
after I read them.

Thanks Henrik, You have been much help

Gary

> On Wed, 5 Nov 2003, Squid Users wrote:
>
>> Ok still stumped,
>>
>> namingContexts: DC=bdmn,DC=foo,DC=com
>> namingContexts: CN=Schema,CN=Configuration,DC=foo,DC=com
>> namingContexts: CN=Configuration,DC=foo,DC=com
>>
>> auth_param basic program /usr/local/squid/bin/squid_ldap_auth -u cn -b
>> cn=users,dc=bdmn,dc=foo,dc=com 10.61.1.248
>> auth_param basic children 5
>>
>> I am still unable to authenticate.
>
> Have you verified that the users are named as you think they are?
>
> Try
>
> ldapsearch -x -b "cn=users,dc=bdmn,dc=foo,dc=com" "" CN
>
> this should give you a list of your users in your "users" container and
> their CN (CommonName) attributes, each user starting with the DN
> (DistinguishedName) of their user object.
>
> Once you have the DN of a user you can inspect the details of this user
> using ldapserach
>
> ldapsearch -x -b "DN of a user" -s base ""
>
>
> You can also try using ldapsearch to login as the user
>
> ldapsearch -x -b "cn=users,dc=bdmn,dc=foo,dc=com" -D
> "cn=aloginname,cn=users,dc=bdmn,dc=foo,dc=com" -W "cn=aloginname"
>
>
> The -D flag specifies the DN of the user you want to log in as.
>
> After these excersises please see the examples in the squid_ldap_auth
> manual again.
>
>> auth_param basic program /usr/local/squid/bin/squid_ldap_auth -b
>> dc=bdmn,dc=foo,dc=com 10.61.1.248
>
> This certainly won't work with AD. With these parameters the
> squid_ldap_auth helper assumes the DN of the user object looks like
>
> uid=aloginname,dc=bdmn,dc=foo,dc=com
>
> which is not the case in AD or mostly any other LDAP directory.
>
> Regards
> Henrik
Received on Thu Nov 06 2003 - 16:23:05 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:10 MST