fre 2003-06-27 klockan 13.03 skrev michel lodap: > Hi all, > I am having trouble configuring squid_ldap_auth. > When I run squid_ldap_auth with the following configuration: > > ~#./squid ldap auth -b o=itcarlow -u cn -D cn=admin,ou=staff,o=itcarlow -w > admin -h ipaddress > and when I enter the username and passord bebe bebe > the result is ERR
You should also specify a search filter, if not the helper will assume your users are named "uid=<loginname>,o=itcarlow" which I am pretty sure is not the case given the -D argument above.. > when I add this time -p 636 -Z to specify a secure connection I am getting > nothing even though netstat tells me that a secure LDAP connection is > established Don't know. > when i try this time the above configuration with a filter this is what i am > getting > squid ldap auth: WARNING, could not bind to bindn 'Strong(er) authentication > required' This usually indicates you need to use SSL or TLS, or to reconfigure the LDAP server to allow unencrypted bind requests. Maybe more information can be found in the logs of the LDAP server. As I do not have any NDS servers I am afraid I am of limited help here. What I do know is that the SSL support to the squid_ldap_auth helper was added by a user who needed it to talk to NDS as NDS only implements LDAPv2 over SSL and not LDAPv3/TLS and by default requires bind requests to be encrypted (good security measure to protect users passwords in general, but of limited value in combination with http as http is already plaintext) Checking on the status of the SSL support.. right. The LDAP over SSL support is only available in the current development version of the helper, not in the version shipped with Squid-2.5. To make this work you need to get the squid_ldap_auth helper from the Squid-3 snapshots and specify a ldaps:// URL to connect to. This helper also works with Squid-2.5. Have made a mental note to consider if the squid_ldap_auth helper should be upgraded for the upcoming Squid-2.5.STABLE4 release but if you want to guarantee this is not forgotten please register a feature request in bugzilla. Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org Please consult the Squid FAQ and other available documentation before asking Squid questions, and use the squid-users mailing-list when no answer can be found. Private support questions is only answered for a fee or as part of a commercial Squid support contract. If you need commercial Squid support or cost effective Squid and firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
