What have you tried to test the helpers by themselves? Let say you run from the command line the command which squid runs and like in the example in the mailing list which I attached, What happens? Eliezer ---- Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: eliezer@xxxxxxxxxxxx -----Original Message----- From: bjoern wahl [mailto:bjoern.wahl@xxxxxxxxxxxxxxxxxx] Sent: Wednesday, December 14, 2016 2:06 PM To: squid-users@xxxxxxxxxxxxxxxxxxxxx; eliezer@xxxxxxxxxxxx Subject: Antw: RE: Antw: RE: squid-3.3.8-26.el7_2.4.x86_64 using Novell eDirectory with /usr/lib64/squid/digest_edirectory_auth I would like to use a group, but i would be happy if anything with ldap would be working. Just in case, i did a tcpdump an i can see that the server communicates with the ldap-server, and that the squid gets an answer. >>> Eliezer Croitoru <eliezer@xxxxxxxxxxxx> 13.12.16 14.37 Uhr >>> Which of the helpers are you having issues with? The Group or the user one? I did some experiment with ldap groups which can be found at: http://lists.squid-cache.org/pipermail/squid-users/2015-July/004874.html Eliezer ---- Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: eliezer@xxxxxxxxxxxx -----Original Message----- From: bjoern wahl [mailto:bjoern.wahl@xxxxxxxxxxxxxxxxxx] Sent: Tuesday, December 13, 2016 9:15 AM To: squid-users@xxxxxxxxxxxxxxxxxxxxx; eliezer@xxxxxxxxxxxx Subject: Antw: RE: squid-3.3.8-26.el7_2.4.x86_64 using Novell eDirectory with /usr/lib64/squid/digest_edirectory_auth Hello! Thanks for the fast response. I got the Ldap-Auth working with SLES11.4 / squid3-3.1.23-8.16.33.2 ========================================================================================================= auth_param basic program /usr/sbin/squid_ldap_auth -d -D "cn=xxx,o=xxxx" -w xx -b o=x -s sub -f "(&(objectclass=User)(cn=%s))" -h ldaps://xxxx -p 636 external_acl_type ldap_group %LOGIN /usr/sbin/squid_ldap_group -d -D "cn=xx,o=x" -w ldap -b o=x -s sub -f "(&(objectclass=User)(cn=%u)(groupMembership=%g))" -h ldaps://x -p 636 ========================================================================================================= but now i would like to do it with CentOS Linux release 7.2.1511 / squid-3.3.8-26.el7_2.4.x86_64 and it turned out the I have no more "squid_ldap_auth" but i found "basic_ldap_auth". So it tried switching "squid_ldap_auth" to "basic_ldap_auth" but that did not work.... I get the login window, but even if i enter a vaild user, i can not access a website. squid.conf looks like this: ========================================================================================================= auth_param basic program /usr/lib64/squid/basic_ldap_auth -d -D "cn=xxx,o=xxx" -w xxx -b o=xxx -s sub -f "(&(objectclass=User)(cn=%s))" -h ldaps://xxxx -p 636 auth_param basic children 5 auth_param basic credentialsttl 2 hours acl ediruser proxy_auth REQUIRE http_access allow ediruser http_access deny all ========================================================================================================= >>> Eliezer Croitoru <eliezer@xxxxxxxxxxxx> 12.12.16 15.28 Uhr >>> Hey, digest_edirectory_auth is not for LDAP but for edirectory but I a not too familiar with this to tell you how to test. Basically you need a "basic" ldap authentication helper Which the source is: http://bazaar.launchpad.net/~squid/squid/3.5/files/head:/helpers/basic_auth/LDAP/ And we are also missing the squid.conf. Try find out if there some helper in the /usr/lib64/squid/ directory which contains ldap. Let me know if we are on the right direction. Eliezer ---- Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: eliezer@xxxxxxxxxxxx -----Original Message----- From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of bjoern wahl Sent: Monday, December 12, 2016 3:53 PM To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: squid-3.3.8-26.el7_2.4.x86_64 using Novell eDirectory with /usr/lib64/squid/digest_edirectory_auth Hello! I would like to install a squid-3.3.8-26.el7_2.4.x86_64 (CentOS7) using LDAP auth with digest_edirectory_auth, but i can not get it working. Does anybody user this ? I tried: /usr/lib64/squid/digest_edirectory_auth -A password -l : -e -v 3 -D "cn=xxxx,o=xxxxx" -b "o=xxxxx" -w xxxx -b o=xxxx -s sub -F "(&(objectclass=User)(cn=%s))" -Z -h ldaps://xxxxxx -n but i only get: user1 pw1 ERR user2 pw2 ERR user3 pw3 ERR Any ideas ? Thanks, Björn ! Träger: Klinikum Westmünsterland GmbHGeschäftsführer: Christoph Bröcker, Ludger Hellmann (Sprecher) Aufsichtsratsvorsitzender: Jürgen Büngeler Diese E-Mail enthält vertrauliche oder rechtlich geschützte Informationen. Wenn Sie nicht der beabsichtigte Empfänger sind, informieren Sie bitte sofort den Absender und löschen Sie diese E-Mail. Das unbefugte Kopieren dieser E-Mail oder die unbefugte Weitergabe der enthaltenen Informationen ist nicht gestattet. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users Träger: Klinikum Westmünsterland GmbH Jur. Sitz der Gesellschaft: Am Boltenhof 7, 46325 Borken Registergericht Coesfeld, HRB Nr. 4184 I Ust.-Id.Nr.: DE123762133 Geschäftsführer: Christoph Bröcker, Ludger Hellmann (SprechDiese E-Mail enthält vertrauliche oder rechtlich geschützte Informationen. Wenn Sie nicht der beabsichtigte Empfänger sind, informieren Sie bitte sofort den Absender und löschen Sie diese E-Mail. Das unbefugte Kopieren dieser E-Mail oder die unbefugte Weitergabe der enthaltenen Informationen ist nicht gestattet. Träger: Klinikum Westmünsterland GmbH Jur. Sitz der Gesellschaft: Am Boltenhof 7, 46325 Borken Registergericht Coesfeld, HRB Nr. 4184 I Ust.-Id.Nr.: DE123762133 Geschäftsführer: Christoph Bröcker, Ludger Hellmann (Sprecher) Aufsichtsratsvorsitzender: Jürgen Büngeler Diese E-Mail enthält vertrauliche oder rechtlich geschützte Informationen. Wenn Sie nicht der beabsichtigte Empfänger sind, informieren Sie bitte sofort den Absender und löschen Sie diese E-Mail. Das unbefugte Kopieren dieser E-Mail oder die unbefugte Weitergabe der enthaltenen Informationen ist nicht gestattet. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
