RE: Re: [squid-users] squid_ldap_auth or squid_ldapauth supports MD5 ?

From: Joan Ramos Ramos <[email protected]>
Date: Mon, 17 Jan 2005 14:38:34 +0100 (CET)

>
>
>
>
> squid_ldap_auth supports whatever passwords encryption schemes supported
> by your LDAP server, using either ldap_simple_bind to bind to the user
> object in the LDAP tree or ldap_compare to compare the selected password
> attribute with the user supplied password. In both operations it is the
> LDAP server which determines if the password is valid or not.
>
>
 on my server only works if i have a Crypt (DES) password.
 
 I add a test user with password test:
 
 MD5:
 
 # squid_ldapauth -v -q -l
 squid_ldapauth[3656]: config - found key: 'ldap-server'
 squid_ldapauth[3656]: config - got value: '192.168.1.146'
 squid_ldapauth[3656]: config - found key: 'ldap-port'
 squid_ldapauth[3656]: config - got value: '389'
 squid_ldapauth[3656]: config - found key: 'ldap-suffix'
 squid_ldapauth[3656]: config - got value: 'o=unipost'
 squid_ldapauth[3656]: config - found key: 'ldap-filter'
 squid_ldapauth[3656]: config - got value: '(uid=%s)'
 squid_ldapauth[3656]: config - found key: 'ldap-passwdfield'
 squid_ldapauth[3656]: config - got value: 'userPassword'
 squid_ldapauth[3656]: using ldap-server => '192.168.1.146'
 squid_ldapauth[3656]: using ldap-port => '389'
 squid_ldapauth[3656]: using ldap-suffix => 'o=unipost'
 squid_ldapauth[3656]: using ldap-filter => '(uid=%s)'
 squid_ldapauth[3656]: using ldap-passwdfield => 'userPassword'
 squid_ldapauth[3656]: using ldap-binddn => ''
 squid_ldapauth[3656]: using ldap-password => ''
 squid_ldapauth[3656]: connection etablished - waiting for queries
 
 test test
 squid_ldapauth[3656]: ldap vals[0]= '{MD5}CY9rzUYh03PK3k6DJie09g=='
 squid_ldapauth[3656]: authentication request for 'test' - ERR
 ERR
 
 ^C
 
 Now i change the pass to Crypt (DES):
 
 # squid_ldapauth -v -q -l
 squid_ldapauth[3657]: config - found key: 'ldap-server'
 squid_ldapauth[3657]: config - got value: '192.168.1.146'
 squid_ldapauth[3657]: config - found key: 'ldap-port'
 squid_ldapauth[3657]: config - got value: '389'
 squid_ldapauth[3657]: config - found key: 'ldap-suffix'
 squid_ldapauth[3657]: config - got value: 'o=unipost'
 squid_ldapauth[3657]: config - found key: 'ldap-filter'
 squid_ldapauth[3657]: config - got value: '(uid=%s)'
 squid_ldapauth[3657]: config - found key: 'ldap-passwdfield'
 squid_ldapauth[3657]: config - got value: 'userPassword'
 squid_ldapauth[3657]: using ldap-server => '192.168.1.146'
 squid_ldapauth[3657]: using ldap-port => '389'
 squid_ldapauth[3657]: using ldap-suffix => 'o=unipost'
 squid_ldapauth[3657]: using ldap-filter => '(uid=%s)'
 squid_ldapauth[3657]: using ldap-passwdfield => 'userPassword'
 squid_ldapauth[3657]: using ldap-binddn => ''
 squid_ldapauth[3657]: using ldap-password => ''
 squid_ldapauth[3657]: connection etablished - waiting for queries
 
 test test
 squid_ldapauth[3657]: ldap vals[0]= '{CRYPT}IDV1FVNqCpls2'
 squid_ldapauth[3657]: authentication request for 'test' - OK
 OK
 
 why not works with MD5?
 
 thanks
 

Joan Ramos Ramos <mailto:joanr@uni-post.com>
Dpto. Inform�tica
Tel.: +34 932 232 552 (Ext. 260)
Fax.: +34 932 230 151
------------------------------------------------------------------------------------------------------------------------------------------------
Este mensaje es confidencial y ata�e exclusivamente a las personas a las que va dirigido.
Cualquier opini�n en el contenida, es exclusivo de su autor y no representa necesariamente
la opinion de UNIPOST, S.A.
Si Ud. no es el destinatario del mensaje, considerese advertido que lo ha recibido por error
y que cualquier difusi�n o copia estan terminantemente prohibidos. Si ha recibido por error,
por favor comuniquelo a UNIPOST, S.A. al n�mero +34 93 223 25 52 o correo electr�nico
a <support@unipost.es>.

This e-mail is confidential and intended solely for the use of the individual to whom it is addressed.
Any opinions presented are solely those of the author and do not necessarily represent those of
UNIPOST, S.A.
If you are not the intended recipient, be advised that you have received this e-mail in error and that
dissemination, forwarding or copying of this e-mail is strictly prohibited. If you have received this
e-mail in error please notify it to UNIPOST, S.A. by telephone on number +34 93 223 25 52 or by
e-mail to <support@unipost.es>.
------------------------------------------------------------------------------------------------------------------------------------------------
Received on Mon Jan 17 2005 - 06:46:55 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST