Arno Seidel wrote:

Hi List,

i've several problems with
the squid ldap auth

i use following versions:
squid-2.5.STABLE1
openldap2-2.1.12
on SuSE 8.2 Pro (with all recent updates)

the ldap configuration works with samba and postfix

for the squid_ldapauth i use following configuration

/etc/squid_ldapauth.conf

# if not set, following defaults will be used:
 ldap-server     : xxxx
 ldap-port       : 389               # 389
 ldap-suffix     : dc=bad,dc=de      # constructed from `hostname -d`
 ldap-filter     : (uid=%s)
 ldap-passwdfield: userPassword
 ldap-binddn     : cn=squid,dc=bad,dc=de    # i.e. uid=squid,dc=domain,dc=top
 ldap-password   : xxxxxx                # LDAP password for above binddn
#

squid.conf:
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
error_directory /usr/share/squid/errors/German

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hour
auth_param basic program /usr/sbin/squid_ldapauth


Aren't you missing a parameter for squid_ldapauth?
auth_param basic program /usr/sbin/squid_ldapauth /etc/squid_ldapauth.conf

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320


cache_mem 42

cache_dir ufs /var/spool/squid/cache/ 2000 16 256

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src xxxxxxxx/255.255.255.0
acl allowed_hosts src xxxxxxxxx/255.255.255.0
acl SSL_ports port 443 563
acl CONNECT method CONNECT

http_access deny manager all
http_access allow allowed_hosts
http_access deny all

icp_access  allow  allowed_hosts
icp_access deny all

miss_access allow allowed_hosts
miss_access deny all

cache_mgr [EMAIL PROTECTED]
cache_effective_user squid nogroup
visible_hostname nfs-1.bad.de

coredump_dir /var/spool/squid/cache/squid
http_port xxxxx:3128
#https_port 192.168.1.1:3129


authenticate_program /usr/sbin/squid_ldapauth


This acl isn't valid in the squid-2.5 series;
auth_param is the correct one.


when i type in this command: squid_ldapauth -v -q -l i get following

squid_ldapauth[3222]: config - found key: 'ldap-server'
squid_ldapauth[3222]: config - got value: 'xxxx'
squid_ldapauth[3222]: config - found key: 'ldap-port'
squid_ldapauth[3222]: config - got value: '389'
squid_ldapauth[3222]: config - found key: 'ldap-suffix'
squid_ldapauth[3222]: config - got value: 'dc=bad,dc=de'
squid_ldapauth[3222]: config - found key: 'ldap-filter'
squid_ldapauth[3222]: config - got value: '(uid=%s)'
squid_ldapauth[3222]: config - found key: 'ldap-passwdfield'
squid_ldapauth[3222]: config - got value: 'userPassword'
squid_ldapauth[3222]: config - found key: 'ldap-binddn'
squid_ldapauth[3222]: config - got value: 'xxxxx'
squid_ldapauth[3222]: config - found key: 'ldap-password'
squid_ldapauth[3222]: config - got value: 'xxxxx'
squid_ldapauth[3222]: using ldap-server => 'xxxx'
squid_ldapauth[3222]: using ldap-port => '389'
squid_ldapauth[3222]: using ldap-suffix => 'dc=bad,dc=de'
squid_ldapauth[3222]: using ldap-filter => '(uid=%s)'
squid_ldapauth[3222]: using ldap-passwdfield => 'userPassword'
squid_ldapauth[3222]: using ldap-binddn => 'xxxxxxx'
squid_ldapauth[3222]: using ldap-password => 'xxxxx'
squid_ldapauth[3222]: ldap_bind failed

my ldap says:

Jun 13 14:43:03 xxx slapd[3008]: conn=43 op=0 RESULT tag=97 err=2 text=requested protocol version not allowed


my questions now are:

Am I doing something wrong in the configuration?
Is there a way to specify the protocol version?


Test with squid_ldapauth -h
I think you have to specify the openldap
version with squid_ldapauth -v 2 | 3 or
similar.


Emilio C.
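
Added example (not part of the original thread and not squid_ldapauth code): a small Python parser for slapd RESULT lines like the one quoted above, which flags binds the server refused because of the LDAP protocol version. The lookup tables cover only a few tag and result codes, and every sample line except the first is constructed.

```python
import re

# A few LDAP result codes (RFC 4511) that show up when troubleshooting binds.
RESULT_CODES = {0: "success", 2: "protocolError", 49: "invalidCredentials"}
# BER application tags of LDAP responses, as slapd logs them in decimal.
RESPONSE_TAGS = {97: "BindResponse", 101: "SearchResultDone"}

RESULT_RE = re.compile(
    r"slapd\[(?P<pid>\d+)\]: conn=(?P<conn>\d+) op=(?P<op>\d+) (?:SEARCH )?RESULT "
    r"tag=(?P<tag>\d+) err=(?P<err>\d+)(?: nentries=\d+)? text=(?P<text>.*)$"
)

def parse_result(line):
    """Return a dict for a slapd RESULT line, or None for any other line."""
    m = RESULT_RE.search(line)
    if m is None:
        return None
    rec = {k: int(m[k]) for k in ("pid", "conn", "op", "tag", "err")}
    rec["text"] = m["text"].strip()
    rec["operation"] = RESPONSE_TAGS.get(rec["tag"], "unknown")
    rec["result"] = RESULT_CODES.get(rec["err"], "other")
    return rec

def rejected_bind_versions(lines):
    """Connection ids whose bind was refused over the LDAP protocol version."""
    hits = []
    for line in lines:
        rec = parse_result(line)
        if (rec and rec["operation"] == "BindResponse"
                and rec["result"] == "protocolError"
                and "protocol version" in rec["text"]):
            hits.append(rec["conn"])
    return hits

# First line: the slapd message from the post, rejoined onto one line.
# Remaining lines: constructed for contrast (bad password, successful search).
SAMPLE = [
    "Jun 13 14:43:03 xxx slapd[3008]: conn=43 op=0 RESULT tag=97 err=2 "
    "text=requested protocol version not allowed",
    "Jun 13 14:43:09 xxx slapd[3008]: conn=44 op=0 RESULT tag=97 err=49 text=",
    "Jun 13 14:43:12 xxx slapd[3008]: conn=45 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=",
]

if __name__ == "__main__":
    for conn in rejected_bind_versions(SAMPLE):
        print(f"conn={conn}: bind refused, client and server disagree on the LDAP version")
```

Separating err=2 on a bind from err=49 tells a protocol-version mismatch apart from a wrong bind DN or password before any credentials are changed.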




