Hi.
Sorry, but I am not familiar with OpenLDAP. I have only gotten this to work with Server 2003 Active Directory.
Maybe someone else reading this can help. I am not sure what you will need for the "-f" parameter. Try this for some examples though:
http://www.die.net/doc/linux/man/man8/squid_ldap_auth.8.html
I have read of people doing it this way:
authenticate_program /usr/local/squid/bin/ldap_auth
authenticate_options ldap.yourdomain.com 389 dc=yourdomain,dc=com uid
authenticate_children 2
The commandline is the easiest way to debug this. To save re-typing complex stuff to the commandline, put it in a script such as this:
#!/bin/sh
while read INP; do
# Pass the "username password" line to the helper and keep its reply in TEMP1
TEMP1=`echo "$INP" | /usr/lib/squid/ldap_auth -R -b "dc=mydomain,dc=com" \
  -D "cn=Administrator,cn=Users,dc=mydomain,dc=com" -w "mypassword" \
  -f sAMAccountName=%s -h 192.168.1.1`
# If username and password is correct, output "OK"
if [ "$TEMP1" = "OK" ]; then echo "OK"; else echo "ERR"; fi
done
Then go: echo "username password" | ./scriptname.sh
Modify the script and re-run until you get it working. Saves a lot of typing errors on the commandline. Probably not the most elegant way of writing the script, but it works for me. :-)
regards Dietrich
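Added example, not part of the original thread: a reusable form of the command-line test described above, which percent-encodes the credentials and treats any reply other than OK as a failure. It assumes your Squid version URL-escapes the "username password" line it hands to basic helpers; the function names are made up for this example, and `uid=%s` with `ou=People` in the usage comment are assumptions about a typical OpenLDAP layout.

```shell
#!/bin/sh
# Added example: test harness for a Squid basic-auth helper (POSIX sh).

# Percent-encode everything outside [A-Za-z0-9._~-].
# Runs in a subshell so LC_ALL=C (one byte per "?" match) and the
# scratch variables do not leak into the caller.
url_escape() (
    LC_ALL=C
    s=$1
    out=
    while [ -n "$s" ]; do
        rest=${s#?}          # everything after the first byte
        c=${s%"$rest"}       # the first byte itself
        s=$rest
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
    done
    printf '%s\n' "$out"
)

# check_login USER PASS HELPER [HELPER-ARGS...]
# Writes one request line to the helper's stdin, then closes it.
# Exit status 0 only if the reply starts with "OK".
check_login() (
    user=$1
    pass=$2
    shift 2
    reply=$(printf '%s %s\n' "$(url_escape "$user")" "$(url_escape "$pass")" | "$@")
    case $reply in
        OK*) exit 0 ;;
        *)   echo "helper replied: ${reply:-<nothing>}" >&2; exit 1 ;;
    esac
)

# Usage (assumed OpenLDAP layout; add -D/-w as in the thread if your
# directory does not allow anonymous searches):
#   stty -echo; read -r PW; stty echo
#   check_login jdoe "$PW" /usr/lib/squid/squid_ldap_auth \
#       -b "ou=People,dc=quest,dc=com" -f "uid=%s" -h 192.168.1.1
```

Reading the password into a variable keeps characters such as "!" away from the interactive shell's parser and out of the shell history.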
----- Original Message -----
From: "selvam E" <selvame@xxxxxxxxxxxxxxxxx>
To: <squid-users@xxxxxxxxxxxxxxx>
Cc: "D & E Radel" <radel@xxxxxxxxxxx>
Sent: Wednesday, May 25, 2005 11:13 PM
Subject: Re: [squid-users] Regarding Squid+Ldap
Hi,
Thank you for your reply.
But I am using OpenLDAP for authentication. I do not have a Sam account in OpenLDAP. So I entered the command line like this:
auth_param basic program /usr/lib/squid/squid_ldap_auth
-b "dc=quest,dc=com"
-D "cn=Manager,*cn=User*,dc=quest,dc=com" #### for cn=User what i have to enter
-w "my_password_here"
-f sAMAccountName=%s ### for openldap what i have to enter here
-h 192.168.1.1
Note: I think cn=User is an OU. In my OpenLDAP I have created People. In that I entered all my users' attributes.
Thanking you.
Regards,
Selvam E.
D & E Radel wrote:
Hi
You should probably comment out multiple attempts to authenticate. In your second attempt you have spelt "quest" as "qust". You also haven't specified an OU for the user "Manager", or a -f parameter.
Try debugging at the commandline. eg: echo "username password" | /usr/lib/squid/squid_ldap_auth -b.......
You should get either an "OK" or an "ERR". Anything else, then you need to check your syntax and parameters.
In your squid.conf, all on the same line it should read something like this:
auth_param basic program /usr/lib/squid/squid_ldap_auth -b "dc=quest,dc=com" -D "cn=Manager,cn=Users,dc=quest,dc=com" -w "my_password_here" -f sAMAccountName=%s -h 192.168.1.1
This page gave me a lot of help:
http://kb.papercutsoftware.com/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory
One thing that causes problems is if the password of the administrator (in your case, the user called "Manager") has non-alphanumeric characters. In my case, my problem was that the administrator password had an "!" in it, and I had to use a "\" before the "!", i.e. "\!".
Regards, Dietrich
----- Original Message -----
From: "selvam" <selvame@xxxxxxxxxxxxxxxxx>
To: <squid-users@xxxxxxxxxxxxxxx>
Cc: <hno@xxxxxxxxxxxxxxx>
Sent: Wednesday, May 25, 2005 8:25 PM
Subject: [squid-users] Regarding Squid+Ldap
Hi,
I have configured squid.conf with the following settings for LDAP authentication.
auth_param basic program /usr/lib/squid/squid_ldap_auth -b
"dc=quest,dc=com" -D 'cn=Manager,dc=quest,dc=com' -w z -h 192.168.1.1
#auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/password
auth_param basic program /usr/lib/squid/squid_ldap_auth -b "dc=qust,dc=com" -w "z" -h 192.168.1.1
But I am unable to authenticate through LDAP. Please help me. I have already posted this query to squid-users but got no reply or solution.
Hendrik, please help me to solve this problem.
Thanking you.
Regards,
Selvam E.