RE: [squid-users] SSL+LDAP authentication??

From: Chris Robertson <[email protected]>
Date: Mon, 10 Oct 2005 14:44:45 -0800

> -----Original Message-----
> From: Ibrahim Calisir [mailto:icalisir@metu.edu.tr]
> Sent: Monday, October 10, 2005 10:44 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] SSL+LDAP authentication??
>
>
> Hi
>
> I have googled and read nearly all the messages that are related to
> ssl+squid+auth, however I reached a point that squid
> https_port is not
> used as proxy port (according to message send to as an answer
> for "SSL
> Error: clientNegotiateSSL: Error negotiating SSL connection on.." in
> Wed, 21 Jan 2004 19:05:44 +0100 (CET) ). And I have discovered error
> message "SSL Error: clientNegotiateSSL: Error negotiating SSL
> connection
> on.." from my cache.log. However I want to use ssl+ldap
> authentication
> in my squid.

Are you using a self-signed certificate on the server? If so, you will likely need a line like...

TLS_REQCERT allow

...in your ldap.conf file (assuming openldap). Make sure you can successfully query your LDAP server from the command line. Then compare the command used to query with the auth_param line from your squid.conf

>
> Can anyone give me advice about secure authentication (LDAP) on squid?
>
> not: on the other hand there is message "Squid in accelerator
> mode with
> ssl on both sides." and says that client --[https]--> squid. How did
> they do this??

The patch available from http://devel.squid-cache.org/ssl/ is likely what you are looking for.

>
> ---
> Ibrahim Calisir
> METU
>

Chris

P.S. Searching for "ldaps" will net you more relevant hits than searching for "ssl" and "ldap".
Received on Mon Oct 10 2005 - 16:44:47 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Nov 01 2005 - 12:00:04 MST