Thanks for the reply.

Yes, from the command line both helpers work:

/usr/lib/squid/squid_ldap_auth -b ou=squid,dc=muratisik,dc=homelinux,dc=org -f "(&(uid=%s)(objectClass=inetOrgPerson))" -h 127.0.0.1
tester tester
OK

/usr/lib/squid/squid_ldap_group -b ou=squid,dc=muratisik,dc=homelinux,dc=org -B ou=squid,dc=muratisik,dc=homelinux,dc=org -F "(uid=%s)" -f "(&(cn=squid_allowed)(member=%u)(objectClass=groupOfNames))" -h 127.0.0.1
tester tester
OK

BTW, I am running Fedora Core 3 (with latest updates).

Also, this is the slapd.log part for a failing squid authentication:

Jun 3 20:48:24 muratisik slapd[28574]: conn=10 fd=13 ACCEPT from IP=127.0.0.1:42096 (IP=0.0.0.0:389)
Jun 3 20:48:24 muratisik slapd[28574]: conn=10 op=0 SRCH base="ou=squid,dc=muratisik,dc=homelinux,dc=org" scope=2 deref=0 filter="(uid=mom)"
Jun 3 20:48:24 muratisik slapd[28574]: conn=10 op=0 SRCH attr=1.1
Jun 3 20:48:24 muratisik slapd[28574]: conn=10 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 3 20:48:24 muratisik slapd[28574]: conn=10 op=1 SRCH base="ou=squid,dc=muratisik,dc=homelinux,dc=org" scope=2 deref=0 filter="(&(cn=squid_allowed)(member=uid=mom,ou=squid,dc=muratisik,dc=homelinux,dc=org)(objectClass=groupOfNames))"
Jun 3 20:48:24 muratisik slapd[28574]: conn=10 op=1 SRCH attr=1.1
Jun 3 20:48:24 muratisik slapd[28574]: <= bdb_equality_candidates: (member) index_param failed (18)
Jun 3 20:48:24 muratisik slapd[28574]: conn=10 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 3 20:48:24 muratisik slapd[28574]: conn=10 op=2 UNBIND
Jun 3 20:48:24 muratisik slapd[28574]: conn=10 fd=13 closed

Have a nice day

On Fri, 03 Jun 2005 17:07:28 +0200, Emilio Casbas wrote
> Murat Isik wrote:
>
> >Hello,
> >
> >I am trying to get squid to authenticate with openldap. I have googled,
> >searched the mail archives and read the mans but it is still not working. My
> >slapd.conf:
> >
> >include /etc/openldap/schema/core.schema
> >include /etc/openldap/schema/cosine.schema
> >include /etc/openldap/schema/inetorgperson.schema
> >include /etc/openldap/schema/nis.schema
> >include /etc/openldap/schema/corba.schema
> >include /etc/openldap/schema/misc.schema
> >include /etc/openldap/schema/openldap.schema
> >include /etc/openldap/schema/dyngroup.schema
> >include /etc/openldap/schema/java.schema
> >include /etc/openldap/schema/redhat/autofs.schema
> >
> >allow bind_v2
> >
> >pidfile /var/run/slapd.pid
> >argsfile /var/run/slapd.args
> >
> >database bdb
> >suffix "dc=muratisik,dc=homelinux,dc=org"
> >rootdn "cn=Manager,dc=muratisik,dc=homelinux,dc=org"
> >rootpw ortak_nokta
> >
> >directory /var/lib/ldap
> >
> >index objectClass eq,pres
> >index ou,cn,mail,surname,givenname eq,pres,sub
> >index uidNumber,gidNumber,loginShell eq,pres
> >index uid,memberUid eq,pres,sub
> >index nisMapName,nisMapEntry eq,pres,sub
> >
> >
> >my openldap ldif:
> >
> >version: 1
> >
> ># LDIF Export for: dc=muratisik,dc=homelinux,dc=org
> ># Generated by phpLDAPadmin ( http://phpldapadmin.sourceforge.net/ ) on June
> >3, 2005 4:05 pm
> ># Server: My LDAP Server (127.0.0.1)
> ># Search Scope: sub
> ># Search Filter: (objectClass=*)
> ># Total Entries: 6
> >
> ># Entry 1: dc=muratisik,dc=homelinux,dc=org
> >dn: dc=muratisik,dc=homelinux,dc=org
> >dc: muratisik
> >o: muratisik.homelinux.org
> >objectClass: dcObject
> >objectClass: organization
> >objectClass: top
> >
> ># Entry 2: cn=Manager,dc=muratisik,dc=homelinux,dc=org
> >dn: cn=Manager,dc=muratisik,dc=homelinux,dc=org
> >cn: Manager
> >objectClass: organizationalRole
> >objectClass: top
> >
> ># Entry 3: ou=squid,dc=muratisik,dc=homelinux,dc=org
> >dn: ou=squid,dc=muratisik,dc=homelinux,dc=org
> >ou: squid
> >objectClass: top
> >objectClass: organizationalUnit
> >
> ># Entry 4: uid=murat,ou=squid,dc=muratisik,dc=homelinux,dc=org
> >dn: uid=murat,ou=squid,dc=muratisik,dc=homelinux,dc=org
> >uid: murat
> >givenName: Murat
> >sn: Isik
> >cn: muratisik
> >userPassword: secret
> >loginShell: /bin/bash
> >uidNumber: 504
> >gidNumber: 504
> >homeDirectory: /home/murat
> >shadowMin: -1
> >shadowMax: 999999
> >shadowWarning: 7
> >shadowInactive: -1
> >shadowExpire: -1
> >shadowFlag: 0
> >objectClass: top
> >objectClass: person
> >objectClass: posixAccount
> >objectClass: shadowAccount
> >objectClass: inetOrgPerson
> >
> ># Entry 5: uid=tester,ou=squid,dc=muratisik,dc=homelinux,dc=org
> >dn: uid=tester,ou=squid,dc=muratisik,dc=homelinux,dc=org
> >uid: tester
> >givenName: tester
> >sn: tester
> >cn: tester
> >userPassword: tester
> >loginShell: /bin/bash
> >uidNumber: 505
> >gidNumber: 505
> >homeDirectory: /home/tester
> >shadowMin: -1
> >shadowMax: 999999
> >shadowWarning: 7
> >shadowInactive: -1
> >shadowExpire: -1
> >shadowFlag: 0
> >objectClass: top
> >objectClass: person
> >objectClass: posixAccount
> >objectClass: shadowAccount
> >objectClass: inetOrgPerson
> >
> ># Entry 6: cn=squid_allowed,ou=squid,dc=muratisik,dc=homelinux,dc=org
> >dn: cn=squid_allowed,ou=squid,dc=muratisik,dc=homelinux,dc=org
> >cn: squid_allowed
> >member: uid=tester,ou=squid,dc=muratisik,dc=homelinux,dc=org
> >objectClass: groupOfNames
> >objectClass: top
> >
> >
> >my squid.conf:
> >
> >auth_param basic program /usr/lib/squid/squid_ldap_auth -b
> >ou=squid,dc=muratisik,dc=homelinux,dc=org -f
> >(&(uid=%s)(objectClass=inetOrgPerson)) -h 127.0.0.1
> >
> >
> Have you tested the squid_ldap_auth binary in command line?
> From ../squid-2.5.STABLEX/helpers/basic_auth/LDAP
> type
> nroff -man squid_ldap_auth.8 |more
>
> >
> >external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -b
> >ou=squid,dc=muratisik,dc=homelinux,dc=org -B
> >ou=squid,dc=muratisik,dc=homelinux,dc=org -F (uid=%s) -f
> >(&(cn=%g)(member=%u)(objectClass=groupOfNames)) -h 127.0.0.1
> >
> >acl AUTENTIC proxy_auth REQUIRED
> >acl INTERNET external ldap_group squid_allowed
> >
> >http_access allow INTERNET
> >http_access allow AUTENTIC INTERNET
> >
> >
> >When I enter the username and password (tester/tester) when the browser pops
> >up the squid auth box, I get "Cache Access Denied."
> >
> >Thanks in advance.
> >
> >Have a nice day
> >
> >Murat Isik
> >
>
> --
> Thanks
> Emilio C.

--
Open WebMail Project (http://openwebmail.org)