Tue 2006-12-19 at 16:07 +0100, michael.2006@xxxxxxx wrote:

> I'm using squid_ldap_auth to authenticate against our LDAP server.
> Our LDAP server accepts only ldaps (port 636) and anonymous simple bind is disabled.
> And now my problem... squid_ldap_auth doesn't work:
> $ echo "<user> <password>" | /usr/local/squid/libexec/squid_ldap_auth -u cn -b o=xxx -f "(&(cn=<user>)(groupMembership=cn=xxx,o=xxx))" -H ldaps://server.domain -v 3 -Z
> Could not Activate TLS connection

Hmm.. I don't think you can mix both ldaps (LDAP over SSL/TLS) and TLS (TLS encryption within LDAP).. That would be double encryption and probably not supported by either OpenLDAP or your server. Try without -Z.

Also note that ldaps is considered obsolete, and any new LDAPv3 implementations should use TLS instead. ldaps is only specified for LDAPv2. But most LDAPv3 implementations also supporting LDAPv2 support ldaps for LDAPv3 as well.

Also if anonymous simple bind is disabled then you need to provide an account squid_ldap_auth should use while performing the searches. But that's the next step in the process after the connection has been established..

Regards
Henrik
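
An added example, not part of the original message and not code from Squid: a small Python lint for squid_ldap_auth command lines that flags the ldaps:// plus -Z combination discussed above, a StartTLS request without LDAPv3, an unencrypted bind, and a search with no bind account. The finding names, the bind DN and the secret-file path are constructed for illustration; -D and -W are the helper's bind DN and password-file options.

```python
import shlex

# Options that consume the next token (only the subset this check needs).
VALUE_OPTS = {"-H", "-b", "-f", "-u", "-D", "-w", "-W", "-v"}

def parse(cmdline):
    """Split a helper command line into {option: value or True}."""
    tokens = shlex.split(cmdline)[1:]  # drop the helper path
    opts, i = {}, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in VALUE_OPTS and i + 1 < len(tokens):
            opts[tok] = tokens[i + 1]
            i += 2
        else:
            if tok.startswith("-"):
                opts[tok] = True  # bare flag such as -Z
            i += 1
    return opts

def lint(cmdline):
    """Return finding codes for one squid_ldap_auth command line."""
    opts = parse(cmdline)
    uri = str(opts.get("-H", ""))
    tls = "-Z" in opts
    findings = []
    if uri.startswith("ldaps://") and tls:
        findings.append("ldaps-plus-starttls")  # SSL wrapper and StartTLS both requested
    if tls and opts.get("-v") != "3":
        findings.append("starttls-needs-v3")  # StartTLS is an LDAPv3 operation
    if not uri.startswith("ldaps://") and not tls:
        findings.append("cleartext-bind")  # password crosses the wire unencrypted
    if "-f" in opts and "-D" not in opts:
        findings.append("search-without-bind-dn")  # fails if anonymous bind is off
    return findings

# Constructed sample command lines; bind DN and secret file are placeholders.
BASE = 'squid_ldap_auth -u cn -b o=xxx -f "(&(cn=%s)(groupMembership=cn=xxx,o=xxx))" -v 3 '
BIND = "-D cn=squid,o=xxx -W /etc/squid/ldap.secret "
SAMPLES = {
    "as posted": BASE + "-H ldaps://server.domain -Z",
    "ldaps only": BASE + BIND + "-H ldaps://server.domain",
    "starttls": BASE + BIND + "-H ldap://server.domain -Z",
    "plain ldap": BASE + BIND + "-H ldap://server.domain",
}

if __name__ == "__main__":
    for name, cmd in SAMPLES.items():
        print(f"{name:11} {lint(cmd) or 'ok'}")
```

The same function can be run over the helper arguments of each `auth_param basic program` line in squid.conf before a configuration is deployed.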