squid_ldap_auth: Could not Activate TLS connection

Hello squid-users,
hello Henrik,

I'm using squid_ldap_auth to authenticate against our LDAP server.
Our LDAP server accepts only ldaps (port 636) and anonymous simple bind is disabled.

I've copied the certificate of the LDAP server to the squid cache and configured it in /etc/ldap/ldap.conf:
 TLS_CACERT /etc/ldap/ca.pem

ldapsearch works fine:
$ ldapsearch -x -b o=xxx -D cn=LDAPuser,ou=xxx,ou=xxx,ou=xxx,o=xxx -H ldaps://server.domain -w password -Z
ldap_start_tls: Inappropriate authentication (48)
        additional info: Anonymous Simple Bind Disabled.
# extended LDIF
#
# LDAPv3
# base <o=xxx> with scope subtree
.
.
<ldap data>
.
.


And now my problem... squid_ldap_auth doesn't work:
$ echo "<user> <password>" | /usr/local/squid/libexec/squid_ldap_auth -u cn -b o=xxx -f "(&(cn=<user>)(groupMembership=cn=xxx,o=xxx))" -H ldaps://server.domain -v 3 -Z
Could not Activate TLS connection

-d doesn't show a more detailed error-message :(

I've looked in the source code and changed it from
#ifdef LDAP_OPT_X_TLS
        if (version != LDAP_VERSION3) {
            fprintf(stderr, "TLS requires LDAP version 3\n");
            exit(1);
        } else if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS) {
            fprintf(stderr, "Could not Activate TLS connection\n");
            exit(1);
        }

to

#ifdef LDAP_OPT_X_TLS
        if (version != LDAP_VERSION3) {
            fprintf(stderr, "TLS requires LDAP version 3\n");
            exit(1);
        }
        
Now squid_ldap_auth works fine. Is this a bug, or am I doing something wrong?


Regards,
Michael
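
Added example, not part of the original message or of Squid's source: the change quoted above removes the `ldap_start_tls_s()` call for every URI, so `-Z` with a plain `ldap://` URI would no longer upgrade the connection before the bind. The sketch below skips StartTLS only for `ldaps://`, where TLS is negotiated at connect, and keeps it mandatory otherwise; `plan_tls`, `has_scheme` and the `PLAN_*` names are hypothetical, and the host names are constructed.

```c
#include <ctype.h>
#include <stdio.h>

#define LDAP_VERSION3 3  /* same value as <ldap.h>; redefined so this builds without libldap */

enum tls_plan {
    PLAN_CLEARTEXT,  /* ldap:// without -Z: no transport protection */
    PLAN_IMPLICIT,   /* ldaps://: TLS is already up at connect, skip StartTLS */
    PLAN_STARTTLS,   /* ldap:// with -Z: StartTLS must succeed or the helper exits */
    PLAN_REJECT      /* unsupported combination: refuse to run */
};

/* Case-insensitive test that uri begins with the lowercase literal scheme. */
static int has_scheme(const char *uri, const char *scheme)
{
    for (; *scheme; uri++, scheme++)
        if (tolower((unsigned char)*uri) != *scheme)
            return 0;
    return 1;
}

/* Hypothetical helper: decide what the -Z handling should do for one URI. */
enum tls_plan plan_tls(const char *uri, int want_starttls, int version)
{
    if (uri == NULL) return PLAN_REJECT;
    if (has_scheme(uri, "ldaps://"))
        return PLAN_IMPLICIT;            /* -Z is redundant here, not fatal */
    if (!has_scheme(uri, "ldap://"))
        return PLAN_REJECT;              /* unknown or unsupported scheme */
    if (!want_starttls)
        return PLAN_CLEARTEXT;
    if (version != LDAP_VERSION3)
        return PLAN_REJECT;              /* "TLS requires LDAP version 3" */
    return PLAN_STARTTLS;                /* caller runs ldap_start_tls_s(), exits on failure */
}

int main(void)
{
    /* Constructed inputs: URI, -Z flag, -v value. */
    static const struct { const char *uri; int z; int v; } cases[] = {
        { "ldaps://server.domain", 1, 3 },
        { "ldap://server.domain",  1, 3 },
        { "ldap://server.domain",  1, 2 },
        { "ldap://server.domain",  0, 3 },
    };
    static const char *names[] = { "cleartext", "implicit TLS", "StartTLS", "reject" };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-22s -Z=%d -v %d -> %s\n", cases[i].uri, cases[i].z, cases[i].v,
               names[plan_tls(cases[i].uri, cases[i].z, cases[i].v)]);
    return 0;
}
```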