I am having a problem with the -U passwordattr option in squid_ldap_auth
("Squid LDAP authentication helper"). Here is what I am trying to do:

1) Bind to LDAP server with a hard-coded user/pass (i.e., using -D
   binddn -w password)
2) Look up a given user's record using a filter (i.e., -f filter)
3) Authenticate the user with a password attribute specified by me
   (i.e., -U passwordattr)

Looking at /var/log/messages, LDAP tells me that:

a) binding as the hard-coded user is successful
b) searching for the given user's record is successful
c) performing the compare on the passwordattr of the given user is
   successful
d) then squid_ldap_auth tries to bind as the given user.
e) binding as the given user fails and squid_ldap_auth returns ERR

I do not understand why squid_ldap_auth is trying to bind as the given
user. After step (c), shouldn't the process be complete? The compare is
successful so shouldn't I get an OK?

Thanks,
Ross

PS - here is my command line where 'testuser' is the hard-coded user,
and the passwordattr is 'OXGroupID'

    squid_ldap_auth \
        -b "ou=Users,ou=OxObjects,dc=example,dc=com" \
        -f "(&(objectClass=*)(uid=%s))" \
        -d \
        -v 3 \
        -U OXGroupID \
        -D "uid=testuser,ou=Users,ou=OxObjects,dc=example,dc=com" \
        -w testpass \
        localhost