LinuxQuestions.org
Old 08-18-2004, 09:46 PM   #1
fluff
LQ Newbie
 
Registered: Sep 2003
Location: NZ
Distribution: Red Hat
Posts: 17

Rep: Reputation: 0
Getting squid to authenticate to OpenLDAP Server


I am trying to get squid to authenticate to our OS X Opendirectory Server (Runs OpenLDAP).

Currently we can connect and retrieve information from the LDAP server using ldapsearch. The following command was used:

ldapsearch -x -b cn=users,dc=my,dc=domain,dc=name -h 192.168.152.53

This returns all the information in the users tree of my ldap database...

When I try to run squid_ldap_auth from the command line, all I get back is an error....

squid_ldap_auth -b cn=users,dc=my,dc=domain,dc=name -s sub -f "(&(objectClass=person)(uid=%s))" -h 192.168.152.53

Then type in:

username password

All I get back is ERR.

I have also tried the following other options:

squid_ldap_auth -b cn=users,dc=my,dc=domain,dc=name -s sub -f "uid=%s" -h 192.168.152.53

squid_ldap_auth -b cn=users,dc=my,dc=domain,dc=name -f "uid=%s" -h 192.168.152.53

I have also tried connecting to the LDAP server using the root user and password as per the following example:

squid_ldap_auth -b cn=users,dc=my,dc=domain,dc=name -f "uid=%s" -h 192.168.152.53 -D uid=root,cn=users,dc=my,dc=domain,dc=name -w password

Then if I type in the username password combination I get the following error:

squid_ldap_auth: WARNING, could not bind to binddn 'Protocol error'
squid_ldap_auth: WARNING, could not bind to binddn 'Protocol error'

HELP PLEASE... Where am I going wrong?

Thanks
Francois.
 
Old 08-20-2004, 05:16 PM   #2
fluff
LQ Newbie
 
Registered: Sep 2003
Location: NZ
Distribution: Red Hat
Posts: 17

Original Poster
Rep: Reputation: 0
Anyone????
 
Old 08-21-2004, 06:21 AM   #3
arno
Member
 
Registered: Jul 2004
Location: Netherlands
Distribution: fedora core 8, suse 10.3, ubuntu 7.10, kamikaze 7.09
Posts: 515

Rep: Reputation: 30
You use an anonymous ldapsearch mode.
Try to test binding as a user:
ldapsearch -x -D "uid=root" -b ......
 
Old 08-22-2004, 03:52 PM   #4
fluff
LQ Newbie
 
Registered: Sep 2003
Location: NZ
Distribution: Red Hat
Posts: 17

Original Poster
Rep: Reputation: 0
Hi,
Thanks for the reply.
I have entered the following command with the output from that command:

ldapsearch -x -D uid=username,cn=users,dc=my,dc=domain,dc=name -W -b dc=my,dc=domain,dc=name -h 192.168.152.53
Enter LDAP Password:

And it returns pages of information about my ldap server and the data contained in it...... So I can authenticate to my ldap server using ldapsearch, but not when using squid_ldap_auth...


Cheers.

Last edited by fluff; 08-22-2004 at 11:31 PM.
 
Old 08-23-2004, 06:43 AM   #5
arno
Member
 
Registered: Jul 2004
Location: Netherlands
Distribution: fedora core 8, suse 10.3, ubuntu 7.10, kamikaze 7.09
Posts: 515

Rep: Reputation: 30
There seem to be two files; try using the second:
usr/lib/squid/squid_ldap_auth
usr/local/squid/libexec/squid_ldap_auth
 
Old 08-23-2004, 11:06 PM   #6
fluff
LQ Newbie
 
Registered: Sep 2003
Location: NZ
Distribution: Red Hat
Posts: 17

Original Poster
Rep: Reputation: 0
I only have /usr/lib/squid/squid_ldap_auth - (default red hat 9 install) using squid-2.5.STABLE1-2.
 
Old 08-24-2004, 05:44 AM   #7
arno
Member
 
Registered: Jul 2004
Location: Netherlands
Distribution: fedora core 8, suse 10.3, ubuntu 7.10, kamikaze 7.09
Posts: 515

Rep: Reputation: 30
Try downloading the stable 6 version. Although there is no change for ldap access since stable version 2, the help function of ldap is changed (there were some errors in it).
 
Old 08-24-2004, 05:52 AM   #8
arno
Member
 
Registered: Jul 2004
Location: Netherlands
Distribution: fedora core 8, suse 10.3, ubuntu 7.10, kamikaze 7.09
Posts: 515

Rep: Reputation: 30
Have a look at this bug

http://www.squid-cache.org/bugs/show_bug.cgi?id=935
 
Old 08-27-2004, 05:31 PM   #9
fluff
LQ Newbie
 
Registered: Sep 2003
Location: NZ
Distribution: Red Hat
Posts: 17

Original Poster
Rep: Reputation: 0
I have installed openldap on my test fedora box and can get squid_ldap_auth working fine with that, so I'm thinking there is not an issue with squid.

I'm not sure if there is an issue with the ldap server on os x being ldapv3 or not??

There must be a way to use squid_ldap_auth to authenticate to the os x openldap server.

I have done some experimenting with ldapsearch. I can only authenticate using ldapsearch if I use simple authentication (-x); when trying to use sasl, it does not accept my username and password. Is it possible that squid_ldap_auth only authenticates using sasl?? I have checked the man page for squid_ldap_auth but cannot see any way to specify what sort of authentication to use.

Last edited by fluff; 08-27-2004 at 05:33 PM.
 
Old 08-28-2004, 10:44 AM   #10
arno
Member
 
Registered: Jul 2004
Location: Netherlands
Distribution: fedora core 8, suse 10.3, ubuntu 7.10, kamikaze 7.09
Posts: 515

Rep: Reputation: 30
squid_ldap_auth expects the following input.

echo "userPassword: <password>" | <path>/squid_ldap_auth -h <ldap server> -p <port> -P -b <ldap root> -f "uid=<user ID>"

You may have other options for squid_ldap_auth
 
Old 08-28-2004, 05:34 PM   #11
fluff
LQ Newbie
 
Registered: Sep 2003
Location: NZ
Distribution: Red Hat
Posts: 17

Original Poster
Rep: Reputation: 0
When testing squid_ldap_auth with the ldap server on the fedora box the following input was entered after running squid_ldap_auth -b ou=users,dc=my,dc=domain,dc=name ldapserver.my.domain.name:

"username<space>password<enter>"

This returns OK when a valid username and password combination was entered.

The only difference I can see with the apple ldap server is that the users "group" is set up as a container and not an organizational unit, so the following command "should" work on the OS X ldap server:

squid_ldap_auth -b cn=users,dc=my,dc=domain,dc=name osxserver.my.domain.name

But it never accepts any username and password combination..

PS. I do not need any filters because apple use uid as the uid field - unlike a M$ AD server.

Last edited by fluff; 08-28-2004 at 05:35 PM.
 
Old 05-07-2009, 10:18 AM   #12
ricardogorayeb
LQ Newbie
 
Registered: Dec 2005
Posts: 4

Rep: Reputation: 0
You have to allow LDAPv2 client connections. In slapd.conf uncomment the following line and restart your LDAP:

allow bind_v2


It will work like a charm.
 
Old 06-11-2010, 05:20 PM   #13
bandikoto
LQ Newbie
 
Registered: Jun 2010
Posts: 1

Rep: Reputation: 0
Quote:
Originally Posted by ricardogorayeb
You have to allow LDAPv2 client connections. In slapd.conf uncomment the following line and restart your LDAP:

allow bind_v2

It will work like a charm.

Alternatively, tell squid_ldap_auth to bind with v3:

Code:
/usr/lib/squid/squid_ldap_auth -v 3 -b "cn=users,dc=example,dc=com" -f "uid=%s" -h 10.9.8.7
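
The comparison this thread arrives at (the same helper bound with LDAP protocol v2 and with v3) can be run in one step; the script below is an added example, not code from any poster or from the Squid project. The defaults for HELPER, LDAP_HOST and BASE_DN are taken from post #13 and are assumptions to override, and the verdict name PROTOCOL_ERROR is this script's own.

```shell
#!/bin/sh
# Added example: probe a Squid basic-auth helper with LDAP protocol v2 and v3.
# HELPER, LDAP_HOST and BASE_DN are assumptions; override them in the environment.
HELPER=${HELPER:-/usr/lib/squid/squid_ldap_auth}
LDAP_HOST=${LDAP_HOST:-10.9.8.7}
BASE_DN=${BASE_DN:-cn=users,dc=example,dc=com}

# try_bind VERSION USER PASSWORD -> prints OK, ERR or PROTOCOL_ERROR
# The credentials are written to the helper's stdin as one "user password"
# line, the way Squid feeds them, so they never show up in the process list.
try_bind() {
    out=$(printf '%s %s\n' "$2" "$3" |
        "$HELPER" -v "$1" -b "$BASE_DN" -f "uid=%s" -h "$LDAP_HOST" 2>&1)
    case $out in
        # The helper's warning from post #1: the server refused this
        # protocol version, so the password was never actually checked.
        *"Protocol error"*) echo PROTOCOL_ERROR; return ;;
    esac
    # Anything other than a line starting with OK (including no reply) is ERR.
    if printf '%s\n' "$out" | grep -q '^OK'; then echo OK; else echo ERR; fi
}

# probe_versions USER PASSWORD -> prints "v2=<verdict> v3=<verdict>"
probe_versions() {
    echo "v2=$(try_bind 2 "$1" "$2") v3=$(try_bind 3 "$1" "$2")"
}

# Run as: sh probe.sh USERNAME   (the password is read from the terminal,
# not taken from argv, so it stays out of shell history and ps output)
if [ -n "${1:-}" ]; then
    printf 'Password: ' >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    probe_versions "$1" "$pw"
fi
```

A result of `v2=ERR v3=OK` or `v2=PROTOCOL_ERROR v3=OK` points at the server refusing v2 binds, which is the case where adding `-v 3` to the helper is the fix and `allow bind_v2` on the server is not needed.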
 
  


All times are GMT -5.