[squid-users] squid ldapauth

From: Arno Seidel <[email protected]>
Date: Sun, 13 Jun 2004 14:47:12 +0200

Hi List,

i�ve several problems with
the squid ldap auth

i use following versions:
squid-2.5.STABLE1
openldap2-2.1.12
on SuSE 8.2 Pro (with all recent updates)

the ldap configuration works with samba and postfix

for the squid_ldapauth i use following configuration

/etc/squid_ldapauth.conf

# if not set, following defaults will be used:
  ldap-server : xxxx
  ldap-port : 389 # 389
  ldap-suffix : dc=bad,dc=de # constructed from `hostname -d`
  ldap-filter : (uid=%s)
  ldap-passwdfield: userPassword
  ldap-binddn : cn=squid,dc=bad,dc=de # i.e.
uid=squid,dc=domain,dc=top
  ldap-password : xxxxxx # LDAP password for above binddn
#

squid.conf:
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
error_directory /usr/share/squid/errors/German

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hour
auth_param basic program /usr/sbin/squid_ldapauth

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

cache_mem 42

cache_dir ufs /var/spool/squid/cache/ 2000 16 256

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src xxxxxxxx/255.255.255.0
acl allowed_hosts src xxxxxxxxx/255.255.255.0
acl SSL_ports port 443 563
acl CONNECT method CONNECT

http_access deny manager all
http_access allow allowed_hosts
http_access deny all

icp_access allow allowed_hosts
icp_access deny all

miss_access allow allowed_hosts
miss_access deny all

cache_mgr root@aseidel.com
cache_effective_user squid nogroup
visible_hostname nfs-1.bad.de

coredump_dir /var/spool/squid/cache/squid
http_port xxxxx:3128
#https_port 192.168.1.1:3129

authenticate_program /usr/sbin/squid_ldapauth

when i type in this command:
squid_ldapauth -v -q -l
i get following

squid_ldapauth[3222]: config - found key: 'ldap-server'
squid_ldapauth[3222]: config - got value: 'xxxx'
squid_ldapauth[3222]: config - found key: 'ldap-port'
squid_ldapauth[3222]: config - got value: '389'
squid_ldapauth[3222]: config - found key: 'ldap-suffix'
squid_ldapauth[3222]: config - got value: 'dc=bad,dc=de'
squid_ldapauth[3222]: config - found key: 'ldap-filter'
squid_ldapauth[3222]: config - got value: '(uid=%s)'
squid_ldapauth[3222]: config - found key: 'ldap-passwdfield'
squid_ldapauth[3222]: config - got value: 'userPassword'
squid_ldapauth[3222]: config - found key: 'ldap-binddn'
squid_ldapauth[3222]: config - got value: 'xxxxx'
squid_ldapauth[3222]: config - found key: 'ldap-password'
squid_ldapauth[3222]: config - got value: 'xxxxx'
squid_ldapauth[3222]: using ldap-server => 'xxxx'
squid_ldapauth[3222]: using ldap-port => '389'
squid_ldapauth[3222]: using ldap-suffix => 'dc=bad,dc=de'
squid_ldapauth[3222]: using ldap-filter => '(uid=%s)'
squid_ldapauth[3222]: using ldap-passwdfield => 'userPassword'
squid_ldapauth[3222]: using ldap-binddn => 'xxxxxxx'
squid_ldapauth[3222]: using ldap-password => 'xxxxx'
squid_ldapauth[3222]: ldap_bind failed

my ldap says:

Jun 13 14:43:03 xxx slapd[3008]: conn=43 op=0 RESULT tag=97 err=2
text=requested protocol version not allowed

my questions now are:

Do i something wrong in the configuration?
is there a way to specify the protokoll version?

regards

Arno
Received on Sun Jun 13 2004 - 06:47:25 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Jul 01 2004 - 12:00:02 MDT