I'm trying to configure Squid 2.4.STABLE7, running on SuSE, to ldap
authenticate against eDirectory.
I have a working ldap query, which works just fine at the command line
using squid_ldap_auth:
./squid_ldap_auth -b "ou=xxxx,o=yyyy,c=zz" -u cn -s sub -D "cn=wwww,ou=xxxx,o=yyyy,c=zz," -w <password> -f "<filter here>" ldap_ip_address
This successfully connects to the server and validates or errors user name
and password combinations correctly.
In squid.conf, I have:
acl all src 0.0.0.0/0.0.0.0
acl password proxy_auth REQUIRED
http_access allow password
http_access deny all
PROBLEM: when I try to open a page and enter the user name and password at
the prompt, I just get the following error in cache.log:
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid DN syntax'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid DN syntax'
and the prompt re-appears. But this DN is fine when run from the command
line.
I did notice that I get a TCP_DENIED message in access.log AS the prompt
flashes up (i.e. BEFORE I've actually entered my details (not sure whether
this is relevant or not)), as well as after.
Any help appreciated.
Regards
Jeff
--
Jeff Richards
Technical Consultant
Unix Enterprise Services
jeff.r...@centrelink.gov.au
Tel: +61 2 6219 8125
Important: This e-mail is intended for the use of the addressee and may contain information that is confidential, commercially valuable or subject to legal or parliamentary privilege. If you are not the intended recipient you are notified that any review, re-transmission, disclosure, use or dissemination of this communication is strictly prohibited by several Commonwealth Acts of Parliament. If you have received this communication in error please notify the sender immediately and delete all copies of this transmission together with any attachments.
From: Henrik Nordstrom <hno@squid-cache.org>
To: jeff.r...@centrelink.gov.au
cc: Squid Users <squid...@squid-cache.org>
Subject: Re: [squid-users] squid_ldap_auth problem
Date: 14/10/2003 17:35
On Tue, 14 Oct 2003 jeff.r...@centrelink.gov.au wrote:
> squid_ldap_auth: WARNING, could not bind to binddn 'Invalid DN syntax'
> squid_ldap_auth: WARNING, could not bind to binddn 'Invalid DN syntax'
>
> and the prompt re-appears. But this DN is fine when run from the command
> line.
Squid-2.4 does not understand quotes in helper command line
specifications.
You should consider upgrading to Squid-2.5, the current supported Squid
version.
Regards
Henrik
From: "Arias, Sebastian Alejandro - (Ext Arg)" <Sebastian.Arias@attla.com>
To: "'jeff.richards...@centrelink.gov.au'" <jeff.r...@centrelink.gov.au>, 'Squid Users' <squid-use...@squid-cache.org>
Subject: RE: [squid-users] squid_ldap_auth problem
Date: 14/10/2003 10:03
Try with a .sh file named auth_ldap with the following content:
#!/bin/sh
./squid_ldap_auth -b "ou=xxxx,o=yyyy,c=zz" -u cn -s sub -D "cn=wwww,ou=xxxx,o=yyyy,c=zz," -w <password> -f "<filter here>" ldap_ip_address
and then call the bash script in the squid.conf file ... don't forget to give permissions to squid to read and execute the script ....
Good Luck.
_________________________________________
Sebastián Arias
Infraestructure & Technologies
AT&T Latín América, Argentina
Phone: [5411]5288-0524 - Fax: [5411]5288-0408
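An added illustration of the two replies above (not code from the thread or from Squid): it contrasts a whitespace-only split, used here as an assumed model of a parser that does not understand quotes, with the parsing /bin/sh applies inside a wrapper script. The helper line, PASSWORD and the function names are constructed for the example.

```shell
#!/bin/sh
# Constructed helper line: placeholder DNs modeled on the thread; PASSWORD and
# the filter text are stand-ins, not real values.
HELPER_LINE='squid_ldap_auth -b "ou=xxxx,o=yyyy,c=zz" -u cn -s sub -D "cn=wwww,ou=xxxx,o=yyyy,c=zz" -w PASSWORD -f "<filter here>" ldap_ip_address'

# Print each argument on its own line inside [] so literal quotes are visible.
show_args() {
    for arg in "$@"; do
        printf '[%s]\n' "$arg"
    done
}

# Assumed model of a parser that ignores quoting: split on whitespace only.
split_whitespace_only() {
    set -f          # disable globbing for the unquoted expansion below
    set -- $1       # field splitting only; quote characters stay in the words
    set +f
    show_args "$@"
}

# The same text parsed by the shell, as happens inside a wrapper script:
# quotes group words and are then removed. eval is used here only on the
# constant sample line above.
split_like_shell() {
    eval "set -- $1"
    show_args "$@"
}

# Read a show_args listing on stdin and print the entry that follows a flag.
arg_after() {
    awk -v flag="[$1]" 'prev == flag { print; exit } { prev = $0 }'
}

echo "bind DN, whitespace-only split: $(split_whitespace_only "$HELPER_LINE" | arg_after -D)"
echo "bind DN, shell parsing:         $(split_like_shell "$HELPER_LINE" | arg_after -D)"
echo "argument count, whitespace-only: $(split_whitespace_only "$HELPER_LINE" | wc -l)"
echo "argument count, shell parsing:   $(split_like_shell "$HELPER_LINE" | wc -l)"
```

With the whitespace-only split, the value after -D keeps its double quotes and the filter breaks into two arguments, so the helper receives a different bind DN and argument list than it does from an interactive shell.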