On 19/04/2012 6:59 p.m., Beto Moreno wrote:
> Hi people. I have been reading about squid_ldap_auth against a Windows 2003 AD server, and I have some questions that I would like someone to clear up for me. Squid 2.7.x.
> http://www.squid-cache.org/Versions/v2/2.HEAD/manuals/squid_ldap_auth.html
> When a user has special characters in his password, once the browser opens the credential window it won't accept the user's password, and cache.log says: squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'. Does anyone know about this strange thing?
LDAP uses the word "bind" to mean query parameters for searching the directory/database for something.
Adding the debug (-d) option may explain a bit.
> Second, what is the difference between these two settings:
>
>   auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v 3 -b dc=example,dc=local -D cn=squid,cn=Users,dc=example,dc=local -w password -f "sAMAccountName=%s" -u uid -P 192.168.50.104:389
>
>   auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v 3 -b dc=example,dc=local -D "squid@example.local" -w password -f "sAMAccountName=%s" -u uid -P 192.168.50.104:389
The LDAP account used by Squid (-D option) differs in its representation syntax. See the LDAP protocol for what it all means.
> Both work. Last thing, do we need to use a super-user from AD to bind to the AD server, or do we just need a normal user?
You just said the "squid@example.local" account worked. Minimal privileges are recommended.
Amos
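One way to run the -d check suggested above outside the browser, as an added example that is not part of the thread: it assumes only a POSIX sh, and for the offline run it substitutes a constructed stand-in for squid_ldap_auth (the real command line is shown commented out).

```shell
#!/bin/sh
# Added example, not from the thread: drive a Squid basic-auth helper by hand.
# Squid feeds the helper one "username password" line on stdin and expects a
# line starting with "OK" or "ERR" back on stdout.  Running squid_ldap_auth
# this way with -d shows its bind diagnostics (the "could not bind to binddn"
# warning) on stderr, with no browser in the loop.

# check_credentials HELPER_CMD USER PASSWORD
#   Runs one lookup through the helper command line HELPER_CMD.  Prints the
#   helper's answer line and returns 0 for OK, 1 for anything else.  The
#   helper's stderr (the -d output) is left on the terminal.
check_credentials() {
    helper_cmd=$1
    user=$2
    pass=$3
    answer=$(printf '%s %s\n' "$user" "$pass" | sh -c "$helper_cmd" | head -n 1)
    printf '%s\n' "$answer"
    case "$answer" in
        OK*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Constructed stand-in for squid_ldap_auth so the example runs offline: it
# answers like the real helper but simply rejects any password containing '!'.
FAKE_HELPER="read -r u p; case \"\$p\" in *'!'*) echo 'ERR Invalid credentials' ;; *) echo OK ;; esac"

# The real helper, with -d added to the command line from the thread (the DN,
# bind password and server address are placeholders for your own values):
# REAL_HELPER='/usr/local/libexec/squid/squid_ldap_auth -d -v 3 -b dc=example,dc=local -D "squid@example.local" -w password -f "sAMAccountName=%s" -u uid -P 192.168.50.104:389'

for pw in secret 'p@ss w0rd!'; do
    if check_credentials "$FAKE_HELPER" alice "$pw"; then
        echo "password '$pw': accepted"
    else
        echo "password '$pw': rejected, check the helper's stderr for the bind error"
    fi
done
```

Swap FAKE_HELPER for REAL_HELPER in the loop to test an account whose password is refused; the helper's own -d output on stderr then says why the bind failed.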