|
Hello Markus, No, im not useing the latest from trunk Atm
i use the ( by debian testing ) supplied 3.5.19. If you want me test test something, im
happy to do that for you. Best regards, Louis Van: squid-users
[mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] Namens Markus Moeller Hi Louis, I made lately a change
in how the SSL certifcate verification is done. Did you use the latest
version from trunk ? Also set the variable TLS_CACERTFILE in your startup
script (e.g. export TLS_CACERTFILE=/etc/mydir/cas.pem ). I do not read any
ldap.conf file for this yet. Markus "L.P.H. van
Belle" <belle@xxxxxxxxx> wrote in message
news:vmime.57beabe1.6a01.3a47ad2737b8db71@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx... Hai, I’ve
added the needed upn, setup the _ldaps in the dns zones, thats ok now. The last part, here i need some help. support_ldap.cc(942): pid=26693
:2016/08/25 08:52:33| kerberos_ldap_group: DEBUG: Setting up connection to ldap
server samba-dc1.internal.domain.tld:636 support_ldap.cc(786): pid=26693
:2016/08/25 08:52:33| kerberos_ldap_group: DEBUG: Set SSL defaults support_ldap.cc(531): pid=26693
:2016/08/25 08:52:33| kerberos_ldap_group: DEBUG: Enable server certificate
check for ldap server. support_ldap.cc(544): pid=26693
:2016/08/25 08:52:33| kerberos_ldap_group: DEBUG: Set certificate file for ldap
server to /etc/ssl/certs/cert.pem.(Changeable through setting environment
variable TLS_CACERTFILE) support_ldap.cc(800): pid=26693
:2016/08/25 08:52:33| kerberos_ldap_group: ERROR: Error while setting start_tls
for ldap server: Can't contact LDAP server support_ldap.cc(953): pid=26693
:2016/08/25 08:52:33| kerberos_ldap_group: DEBUG: Bind to ldap server with
SASL/GSSAPI support_sasl.cc(276): pid=26693
:2016/08/25 08:52:33| kerberos_ldap_group: ERROR: ldap_sasl_interactive_bind_s
error: Can't contact LDAP server support_ldap.cc(957): pid=26693
:2016/08/25 08:52:33| kerberos_ldap_group: ERROR: Error while binding to ldap
server with SASL/GSSAPI: Can't contact LDAP server support_ldap.cc(942): pid=26693
:2016/08/25 08:52:33| kerberos_ldap_group: DEBUG: Setting up connection to ldap
server samba-dc2.internal.domain.tld:636 support_ldap.cc(786): pid=26693
:2016/08/25 08:52:33| kerberos_ldap_group: DEBUG: Set SSL defaults support_ldap.cc(531): pid=26693
:2016/08/25 08:52:33| kerberos_ldap_group: DEBUG: Enable server certificate
check for ldap server. support_ldap.cc(544): pid=26693
:2016/08/25 08:52:33| kerberos_ldap_group: DEBUG: Set certificate file for ldap
server to /etc/ssl/certs/cert.pem.(Changeable through setting environment
variable TLS_CACERTFILE) support_ldap.cc(800): pid=26693
:2016/08/25 08:52:33| kerberos_ldap_group: ERROR: Error while setting start_tls
for ldap server: Can't contact LDAP server support_ldap.cc(953): pid=26693
:2016/08/25 08:52:33| kerberos_ldap_group: DEBUG: Bind to ldap server with
SASL/GSSAPI support_sasl.cc(276): pid=26693
:2016/08/25 08:52:33| kerberos_ldap_group: ERROR: ldap_sasl_interactive_bind_s
error: Can't contact LDAP server support_ldap.cc(957): pid=26693
:2016/08/25 08:52:33| kerberos_ldap_group: ERROR: Error while binding to ldap
server with SASL/GSSAPI: Can't contact LDAP server I tried to set TLS_CACERTFILE in ldap.conf, didnt work,
so dont know how to fix this or there to put these variables. I need a user to connect to the
ldap. Hi have that one in place. I just can find how to put this in this
line so i can test this out, but i can only authenticate if the TLS_CACERTFILE
is set correctly. Any suggestions here? Greetz, Louis _______________________________________________ |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
