i'm trying to configure ldap on squid-2.5STABLE1-20021212 to validate users
from active dir on win2000 server, and i'm a bit stuck with the squid.conf
configuration. i'm not having a good time with it, please point me in the
sensible direction of how to test ldap manually from command line and could
you also indicate what acl lines i need in the squid.conf file. (i've been
through the squid_ldap_auth.8 help file as there are references for the
active dir authentication but not success so far).
when parsing the squid.conf file on start, the ldap is unrecognized. do i
need to enable basic authentication for ldap to work?
thanks tomas
I believe that you need to compile basic ldap support into squid using the
following
compile --enable-ldap --enable-ldap-authentication {config to that sort of
thing.. my net access is down atm, so you'll need to check the faq/howto }
There is more relevant information in the squid faq...
Also, it might help if you can do basic ldap authentication using the
openldap "ldapsearch" tool
ldapsearch -h ldapserver "userx"
{{{ returns ldap user information }}}
Then again, knowing MS Active directory, it might barf up.. I know a few ppl
who've had auth problems with active directory...
Dan.
auth_param basic program /path/to/squid_ldap_auth ...
As for testing: All basic scheme auth helpers can be tested in the
same manner. Just fire up the helper with the correct command line
arguments as documented in the documentation to the specific helper
and then type
username <space> password <enter>
If successful the helper will respond with OK, else with ERR.
Regards
Henrik
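Added example (not part of Henrik's message and not code from the Squid distribution): a shell wrapper for the manual test described above. It feeds one "username password" line to a basic-scheme helper and maps the OK/ERR reply to an exit status. The stub helper and the alice/s3cret pair are constructed so the script runs without an LDAP server; for a real test, replace `sh "$stub"` with the squid_ldap_auth command line and its arguments.

```sh
#!/bin/sh
# Drive a Squid basic-scheme auth helper the way Squid does:
# one "username password" line on stdin, one OK/ERR line back.

# check_helper USER PASS HELPER [ARGS...]
# Prints the helper's first reply line. Returns 0 for OK, 1 for ERR and
# 2 for anything else (helper failed to start, e.g. a missing shared
# library, or produced no reply).
check_helper() {
    user=$1; pass=$2; shift 2
    case "$user$pass" in
        *"
"*) echo "credentials must not contain a newline" >&2; return 2 ;;
    esac
    # Credentials go over stdin, never on the helper's command line.
    reply=$(printf '%s %s\n' "$user" "$pass" | "$@" 2>/dev/null | head -n 1)
    echo "$reply"
    case "$reply" in
        OK*)  return 0 ;;
        ERR*) return 1 ;;
        *)    return 2 ;;
    esac
}

# Constructed stand-in helper (hypothetical, not squid_ldap_auth) so the
# script runs without an LDAP server: accepts only "alice s3cret".
make_stub_helper() {
    stub=$(mktemp) || return 1
    cat > "$stub" <<'EOF'
while read -r user pass; do
    if [ "$user" = alice ] && [ "$pass" = s3cret ]; then echo OK; else echo ERR; fi
done
EOF
    echo "$stub"
}

stub=$(make_stub_helper)
check_helper alice s3cret sh "$stub"
check_helper alice wrong sh "$stub" || true
# A helper that cannot start gives no reply at all, reported as status 2.
check_helper alice s3cret /nonexistent/squid_ldap_auth || true
rm -f "$stub"
```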
> I believe that you need to compile basic ldap support into squid
> using the following
>
> compile --enable-ldap --enable-ldap-authentication {config to that
> sort of thing.. my net access is down atm, so you'll need to check
> the faq/howto }
No, the LDAP auth helper is a basic scheme helper, and the LDAP group
helper is an external_acl helper.
Squid configure directives:
--enable-auth=basic (the default unless you specify something else)
--enable-basic-auth-helpers="LDAP"
--enable-external-acl-helpers="ldap_group"
squid.conf directives
auth_param basic program /usr/local/squid/libexec/squid_ldap_auth ....
auth_param basic ... [as in the default squid.conf, modify to suit
your needs]
external_acl_type LDAP_group %LOGIN /usr/local/squid/libexec/squid_ldap_group ....
acl ldap_group_1 external LDAP_group a_ldap_group_name
Note: as with most acl types in Squid you can list multiple group
names in an "external LDAP_group acl"
> ldapsearch -h ldapserver "userx"
> {{{ returns ldap user information }}}
>
> Then again, knowing MS Active directory, it might barf up.. I know
> a few ppl who've had auth problems with active directory...
My tests with MSAD have been quite reliable using LDAP.
However, you might need to specify a valid account to be allowed to
perform searches. See the LDAP helpers documentation.
Regards
Henrik
could you have a look at this one please. this is the result of a ldap
command line test. compilation and installation of squid was ok, these lib
files are in the file system /usr/local/lib/. before squid installation i
installed openldap and the correct libraries, and the permissions are 755 on
the sym links and the actual files.
./squid_ldap_auth -u cn -b cn=Users,dc=our,dc=domain ldap-server-name
ld.so.1: ./squid_ldap_auth: fatal: libldap.so.2: open failed: No such file or directory
Killed
i have tried the same with another installation of squid that is located in
its default dir [/usr/local/squid] and the same problem persists.
thank you
my apologies i should have been more explicit. it's stable squid
installation squid-2.5STABLE1-20021212 on solaris sparc 7. i have previously
installed openldap with these options disabled --disable-ldbm
--disable-slapd
i'm running squid on two servers and only lately i needed to configure ldap
to talk to our win2000 servers - and believe it or not i'm still at it.
henrik helped me a lot last night and you all, but still this is something i
can't debug myself.
./squid_ldap_auth -u cn -b cn=Users,dc=our,dc=domain ldap-server-name
ld.so.1: ./squid_ldap_auth: fatal: libldap.so.2: open failed: No such file or directory
Killed
i seem to be getting there step by step (or rather mail by mail to the squid
group) thank you all for help
tomas
-----Original Message-----
From: Alexandre [mailto:asau...@fazenda.sp.gov.br]
Sent: 20 December 2002 15:10
To: Tomas Palfi
Subject: Re: [squid-users] ldap
hi Tomas
you need to have a libldap.so.2 in your system !
install the openldap package and this problem will go away
what O.S you have
Linux, Solaris, ... ... ... ?