LDAP/idiot problem!

Hi everyone

I'm looking for some inspiration because I am drawing a complete blank! A 
few years ago I set up my company's squid boxes - a pair of servers both 
identically configured and using LDAP authentication against an Active 
Directory domain. It took quite some time to get it all working properly 
but eventually it all got going and ran smoothly. I then left the company 
for a spell and now find myself back and detailed with rebuilding the 
squid servers onto newer boxes because the hardware is a little long in 
the tooth and now the software is too - the original servers were on RHEL 
3 boxes and the subscriptions to get updates were never renewed.

One of the servers failed and has been replaced with a newer box which I 
have built, as instructed, with CentOS 5. All seems okay but when I 
transplant the config file from the (now very hard-working) live machine I 
am getting an LDAP error with the lookup. Clearly I either missed 
installing something fundamental when I built the server (the idiot 
scenario) or something has changed syntactically with the options but I 
have searched diligently through the man pages and can't find any reason 
why what did work no longer works.

Here is the line from squid.conf working on the live box (2.5.STABLE3):

auth_param basic program /usr/lib/squid/squid_ldap_auth
-b "dc=cs-plc,dc=salvesen,dc=com"
-D "cn=Ldap User,ou=users,ou=ND House (slh / wel),ou=UK,dc=cs-plc,dc=salvesen,dc=com" -w (password)
-f "(&(sAMAccountName=%s)(memberOf=CN=InternetUsers,OU=Groups,OU=ND House (slh / wel),OU=UK,DC=cs-plc,DC=salvesen,DC=com))"
-h 10.1.2.1
-p 3268

The new box where this doesn't work is at 2.6.STABLE6. Attempts to 
authenticate result in the logfile showing:

squid_ldap_auth: WARNING, LDAP search error 'Bad search filter'

Has anybody got any insight? At present I've cut back the filter to -f 
"sAMAccountName=%s" which is at least forcing authentication but not 
checking the group membership.

Ian Large
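
RFC 4515 requires a literal "(" or ")" inside a filter assertion value to be written as \28 or \29, and the memberOf DN in the filter quoted above contains unescaped ones. The following is an added example, not part of the original post: a simplified Python filter checker and escaper (all function names are illustrative) that rejects the posted filter and builds an escaped one that keeps the group-membership check.

```python
import re

# RFC 4515 section 3: these characters must be hex-escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_ITEM = re.compile(r"[A-Za-z0-9;.-]+(?:~=|>=|<=|:=|=)")  # attribute + operator (simplified)
_HEX = re.compile(r"\\[0-9A-Fa-f]{2}")                    # a valid \XX escape

# Group DN copied from the filter in the post.
GROUP_DN = ("CN=InternetUsers,OU=Groups,OU=ND House (slh / wel),"
            "OU=UK,DC=cs-plc,DC=salvesen,DC=com")

class FilterError(ValueError):
    pass

def escape_filter_value(value: str) -> str:
    """Escape a literal string (here a group DN) for use as an assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def _parse(s: str, i: int) -> int:
    """Parse one '(' filtercomp ')' starting at s[i]; return the index after it."""
    if i >= len(s) or s[i] != "(":
        raise FilterError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|!":          # and / or / not: nested filters follow
        i += 1
        while i < len(s) and s[i] == "(":
            i = _parse(s, i)
    else:                                     # simple item: attr op value
        m = _ITEM.match(s, i)
        if not m:
            raise FilterError(f"bad attribute or operator at offset {i}")
        i = m.end()
        while i < len(s) and s[i] != ")":
            if s[i] == "(":
                raise FilterError(f"unescaped '(' in value at offset {i}")
            if s[i] == "\\" and not _HEX.match(s, i):
                raise FilterError(f"bad escape at offset {i}")
            i += 1
    if i >= len(s) or s[i] != ")":
        raise FilterError(f"expected ')' at offset {i}")
    return i + 1

def validate_filter(s: str) -> None:
    """Raise FilterError unless s is one well-formed parenthesised filter."""
    end = _parse(s, 0)
    if end != len(s):
        raise FilterError(f"trailing data at offset {end}")

def build_group_filter(group_dn: str) -> str:
    """Filter template for the helper; %s is left for the helper to fill in."""
    return "(&(sAMAccountName=%s)(memberOf=" + escape_filter_value(group_dn) + "))"
```

The helper can be run by hand with the same options, feeding it "username password" on stdin, to confirm the escaped filter is accepted before the group check is restored in squid.conf.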