Hello,

I'm trying to authenticate a squid server against an openldap server. It works fine if I don't try TLS. When I do it, adding the "-Z" option, it doesn't work.

It's a Fedora 20 box running squid 3.3.12.

The helper is defined as follows in squid.conf:

auth_param basic program /usr/lib64/squid/basic_ldap_auth -b "ou=people,dc=domain,dc=fr" -u "uid" -f "(|(mail=%s)(uid=%s))" -Z -h ldap.domain.fr

The squid-side log shows:

2014/06/02 22:01:54.001 kid1| Starting new basicauthenticator helpers...
2014/06/02 22:01:54.001 kid1| helperOpenServers: Starting 1/5 'basic_ldap_auth' processes
Could not Activate TLS connection
2014/06/02 22:01:54.001 kid1| WARNING: basicauthenticator #1 exited
2014/06/02 22:01:54.001 kid1| Too few basicauthenticator processes are running (need 1/5)
2014/06/02 22:01:54.001 kid1| Starting new helpers
2014/06/02 22:01:54.001 kid1| helperOpenServers: Starting 1/5 'basic_ldap_auth' processes

The openldap server shows:

Jun  2 22:01:56 paris-1 slapd[24429]: [ID 848112 local4.debug] conn=9893 fd=16 ACCEPT from IP=194.214.158.NNN:36300 (IP=0.0.0.0:389)
Jun  2 22:01:56 paris-1 slapd[24429]: [ID 270379 local4.debug] conn=9893 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Jun  2 22:01:56 paris-1 slapd[24429]: [ID 560212 local4.debug] conn=9893 op=0 STARTTLS
Jun  2 22:01:56 paris-1 slapd[24429]: [ID 875301 local4.debug] conn=9893 op=0 RESULT oid= err=0 text=
Jun  2 22:01:56 paris-1 slapd[24429]: [ID 105384 local4.debug] conn=9893 fd=16 TLS established tls_ssf=128 ssf=128
Jun  2 22:01:56 paris-1 slapd[24429]: [ID 485650 local4.debug] conn=9893 fd=16 closed (connection lost)

It seems that the openldap server agrees with TLS but the helper dies. Adding the "-d" option doesn't show anything interesting.

Any hint?

Regards

José-Marcio
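The slapd log above shows the server accepting the StartTLS extended operation (EXT oid=1.3.6.1.4.1.1466.20037, RESULT err=0, TLS established) and then the client dropping the connection, which is the pattern you get when the client side aborts the TLS handshake after the server has started it. The script below is an added diagnostic, not code from the poster or from the squid project: it reproduces the same exchange with only the Python standard library (cleartext connect, BER-encoded StartTLS request, upgrade with certificate verification) so that the client-side TLS failure reason is printed instead of being swallowed by the helper. Host name, port and CA file are parameters you supply; the log-style byte strings used in the comments and tests are constructed samples.

```python
import socket
import ssl

# LDAP StartTLS extended operation OID, as seen in the slapd log line "EXT oid=...".
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"


def _ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(body)) + body


def build_starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }."""
    if not 1 <= message_id <= 127:
        raise ValueError("single-octet message IDs only in this example")
    msg_id = _tlv(0x02, bytes([message_id]))          # INTEGER
    ext_req = _tlv(0x77, _tlv(0x80, STARTTLS_OID))     # [APPLICATION 23] constructed, requestName [0]
    return _tlv(0x30, msg_id + ext_req)                # SEQUENCE


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first & 0x80:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def parse_extended_response(buf: bytes):
    """Return (resultCode, diagnosticMessage) from an LDAP ExtendedResponse [APPLICATION 24]."""
    tag, body, _ = _read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _msg_id, pos = _read_tlv(body, 0)
    tag, op, _ = _read_tlv(body, pos)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse")
    _, code, pos = _read_tlv(op, 0)        # ENUMERATED resultCode
    _, _matched, pos = _read_tlv(op, pos)  # matchedDN
    _, diag, pos = _read_tlv(op, pos)      # diagnosticMessage
    return int.from_bytes(code, "big"), diag.decode("utf-8", "replace")


def starttls_check(host: str, port: int = 389, cafile: str = None, timeout: float = 5.0) -> str:
    """Connect in cleartext, request StartTLS, then upgrade with full certificate verification.

    A server that logs 'TLS established' followed by 'closed (connection lost)' will show up
    here as a verification or handshake error string rather than a silent disconnect.
    """
    ctx = ssl.create_default_context(cafile=cafile)   # verifies chain and host name by default
    with socket.create_connection((host, port), timeout=timeout) as raw:
        raw.sendall(build_starttls_request())
        code, diag = parse_extended_response(raw.recv(4096))
        if code != 0:
            return f"StartTLS refused: resultCode={code} diag={diag!r}"
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                subject = dict(x[0] for x in tls.getpeercert().get("subject", ()))
                return f"TLS ok: {tls.version()} peer CN={subject.get('commonName')}"
        except ssl.SSLCertVerificationError as exc:
            return f"certificate verification failed: {exc.verify_message}"
        except ssl.SSLError as exc:
            return f"TLS handshake failed: {exc}"


if __name__ == "__main__":
    import sys
    # Usage: python starttls_check.py ldap.example.org [/path/to/ca.pem]  (hypothetical values)
    print(starttls_check(sys.argv[1], cafile=sys.argv[2] if len(sys.argv) > 2 else None))
```

Run it from the squid host with the same host name you pass to -h and, if the LDAP server's CA is not in the system store, the CA bundle you expect the helper to use. The helper uses the OpenLDAP client library, which takes its trust settings from /etc/openldap/ldap.conf (TLS_CACERT and related options), so a "certificate verification failed" result here with the system store, or a host name that does not match the certificate, is the first thing to rule out.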
