Not sure if the first one didn't get through or not so I apologize for the repost. This issue has me baffled:
I am attempting to use LDAP authentication for Squid. I have configured the plugin as follows:

    auth_param basic program /usr/lib/squid/ldap_auth -b ou=people,dc=sterlingcrane,dc=ca -H ldaps://ldap.sterlingcrane.ca -v 3 -s sub -f (&(objectclass=account) (uid=%s))

I have verified that it works from the command line, having submitted multiple username and password pairs and getting the OK response. My entire auth_param section looks like this:

    auth_param basic program /usr/lib/squid/ldap_auth -b ou=people,dc=sterlingcrane,dc=ca -H ldaps://ldap.sterlingcrane.ca -v 3 -s sub -f (&(objectclass=account) (uid=%s))
    auth_param basic realm Sterling Crane Internet Login
    auth_param basic children 10
    auth_param basic credentialsttl 2 hours
    acl authed proxy_auth REQUIRED
    http_access allow authed
    http_access deny all

Monitoring cache.log, all I see is:

    Unable to connect to LDAPURI:ldaps://ldap.sterlingcrane.ca (uid=%s))
    2004/05/13 09:34:12| WARNING: basicauthenticator #3 (FD 13) exited
    Unable to connect to LDAPURI:ldaps://ldap.sterlingcrane.ca (uid=%s))
    2004/05/13 09:39:36| WARNING: basicauthenticator #3 (FD 14) exited

I am using:

    Squid Cache: Version 2.5.STABLE5
    configure options: --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc --localstatedir=/var/spool/squid --datadir=/usr/share/squid --enable-async-io --with-pthreads --enable-storeio=ufs,aufs,diskd,null --enable-linux-netfilter --enable-arp-acl --enable-removal-policies=lru,heap --enable-snmp --enable-delay-pools --enable-htcp --enable-poll --enable-cache-digests --enable-underscores --enable-referer-log --enable-useragent-log --enable-auth=basic,digest,ntlm i386-debian-linux

I've watched the ldap transactions when using the ldap_auth from the command line and can see the transaction.
However, I don't believe the plugin is getting executed properly from within squid because I never seem to see equivalent action when trying to log in to the browser (Galeon).

I did set the debugging options to ALL,9 which produced this:

    2004/05/12 16:39:34| aclMatchAclList: checking localhost
    2004/05/12 16:39:34| aclMatchAcl: checking 'acl localhost src 127.0.0.1/255.255.255.255'
    2004/05/12 16:39:34| aclMatchIp: '192.168.100.25' NOT found
    2004/05/12 16:39:34| aclMatchAclList: no match, returning 0
    2004/05/12 16:39:34| cbdataLock: 0x8246e28
    2004/05/12 16:39:34| cbdataUnlock: 0x8246bb0
    2004/05/12 16:39:34| cbdataValid: 0x8246e28
    2004/05/12 16:39:34| aclCheck: checking 'http_access allow authed'
    2004/05/12 16:39:34| aclMatchAclList: checking authed
    2004/05/12 16:39:34| aclMatchAcl: checking 'acl authed proxy_auth REQUIRED'
    2004/05/12 16:39:34| authenticateAuthenticate: header Basic amhlbmtlbDpGdWhyMzE=.
    2004/05/12 16:39:34| authenticateAuthenticate: This is a new checklist test on FD:26
    2004/05/12 16:39:34| authenticateAuthenticate: no connection authentication type
    2004/05/12 16:39:34| authenticateAuthUserRequestLock auth_user request '0x8507e48'.
    2004/05/12 16:39:34| authenticateAuthUserRequestLock auth_user request '0x8507e48' now at '1'.
    2004/05/12 16:39:34| authenticateDecodeAuth: header = 'Basic amhlbmtlbDpGdWhyMzE='
    2004/05/12 16:39:34| authenticateBasicDecodeAuth: cleartext = 'Username:Password'
    2004/05/12 16:39:34| authBasicAuthUserFindUsername: Looking for user 'Username'
    2004/05/12 16:39:34| authBasicDecodeAuth: Found user 'Username' in the user cache as '0x8507e90'
    2004/05/12 16:39:34| authBasicDecodeAuth: last attempt to authenticate this user failed, resetting auth state to unchecked
    2004/05/12 16:39:34| authenticateAuthUserLock auth_user '0x8507e90'.
    2004/05/12 16:39:34| authenticateAuthUserLock auth_user '0x8507e90' now at '2'.
    2004/05/12 16:39:34| authenticateValidateUser: Validating Auth_user request '0x8507e48'.
    2004/05/12 16:39:34| authenticateValidateUser: Validated Auth_user request '0x8507e48'.
    2004/05/12 16:39:34| authenticateValidateUser: Validating Auth_user request '0x8507e48'.
    2004/05/12 16:39:34| authenticateValidateUser: Validated Auth_user request '0x8507e48'.
    2004/05/12 16:39:34| User not authenticated or credentials need rechecking.
    2004/05/12 16:39:34| authenticateValidateUser: Validating Auth_user request '0x8507e48'.
    2004/05/12 16:39:34| authenticateValidateUser: Validated Auth_user request '0x8507e48'.
    2004/05/12 16:39:34| User not authenticated or credentials need rechecking.
    2004/05/12 16:39:34| aclMatchAcl: returning 0 sending credentials to helper.
    2004/05/12 16:39:34| aclMatchAclList: no match, returning 0
    2004/05/12 16:39:34| aclCheck: checking password via authenticator
    2004/05/12 16:39:34| authenticateValidateUser: Validating Auth_user request '0x8507e48'.
    2004/05/12 16:39:34| authenticateValidateUser: Validated Auth_user request '0x8507e48'.
    2004/05/12 16:39:34| authenticateStart: auth_user_request '0x8507e48'
    2004/05/12 16:39:34| authenticateStart: 'Username:Password'
    2004/05/12 16:39:34| cbdataLock: 0x8503cf8
    2004/05/12 16:39:34| authenticateAuthUserRequestLock auth_user request '0x8507e48'.
    2004/05/12 16:39:34| authenticateAuthUserRequestLock auth_user request '0x8507e48' now at '2'.
    2004/05/12 16:39:34| cbdataLock: 0x8503e68
    2004/05/12 16:39:34| cbdataValid: 0x8503e68
    2004/05/12 16:39:34| comm_write: FD 13: sz 15: hndl (nil): data (nil).
    2004/05/12 16:39:34| commSetSelect: FD 13 type 2
    2004/05/12 16:39:34| commSetSelect: FD 13 type 1
    2004/05/12 16:39:34| helperDispatch: Request sent to basicauthenticator #2, 15 bytes
    2004/05/12 16:39:34| helperSubmit: Username Password

I replaced a real user with Username and Password in the previous snippet. Can anyone advise what might be wrong?
