Search squid archive

Re: squid_ldap_auth to AD user credentials?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 19/04/2012 6:59 p.m., Beto Moreno wrote:
  Hi people.

  I had been reading info about squid_ldap_auth vs windows 2003 AD
server, I have some questions that would like to know if someone can
clear my brain.

  squid 2.7.x.

http://www.squid-cache.org/Versions/v2/2.HEAD/manuals/squid_ldap_auth.html


  Went a user have special characters on his password, once the browser
open the credential window it won't accept the user password and the
cache.log say:

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

Some knows this rare thing?

LDAP uses the word "bind" to mean query parameters for searching the directory/database for something.

Adding the debug (-d) option may explain a bit.


Second, what is the different between this to settings:

auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v 3
-b dc=example,dc=local -D cn=squid,cn=Users,dc=example,dc=local -w
password -f "sAMAccountName=%s" -u uid -P 192.168.50.104:389
auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v 3
-b dc=example,dc=local -D "squid@example.local" -w password -f
"sAMAccountName=%s" -u uid -P 192.168.50.104:389

The LDAP account used by Squid (-D option) differs in its representation syntax. see LDAP protocol for what it all means.

Both works.

  Last thing, do we need to use a super-user from AD to bind to the AD
server? or we just need a normal user?

You just said the "squid@example.local" account worked. Minimal privileges is recommended.

Amos


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux