Re: [squid-users] squid openldap problem

From: muratisik <murat.isik@dont-contact.us>
Date: Fri, 3 Jun 2005 20:56:40 +0300

Thanks for the reply

Yes, from the command line both helpers work:

/usr/lib/squid/squid_ldap_auth -b ou=squid,dc=muratisik,dc=homelinux,dc=org -f "(&(uid=%s)(objectClass=inetOrgPerson))" -h 127.0.0.1
tester tester
OK

/usr/lib/squid/squid_ldap_group -b ou=squid,dc=muratisik,dc=homelinux,dc=org -B ou=squid,dc=muratisik,dc=homelinux,dc=org -F "(uid=%s)" -f "(&(cn=squid_allowed)(member=%u)(objectClass=groupOfNames))" -h 127.0.0.1
tester tester
OK

BTW I am running fedora core 3 (with latest updates)

Also, this is the slapd.log part for a failing squid authentication:

Jun 3 20:48:24 muratisik slapd[28574]: conn=10 fd=13 ACCEPT from IP=127.0.0.1:42096 (IP=0.0.0.0:389)
Jun 3 20:48:24 muratisik slapd[28574]: conn=10 op=0 SRCH base="ou=squid,dc=muratisik,dc=homelinux,dc=org" scope=2 deref=0 filter="(uid=mom)"
Jun 3 20:48:24 muratisik slapd[28574]: conn=10 op=0 SRCH attr=1.1
Jun 3 20:48:24 muratisik slapd[28574]: conn=10 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 3 20:48:24 muratisik slapd[28574]: conn=10 op=1 SRCH base="ou=squid,dc=muratisik,dc=homelinux,dc=org" scope=2 deref=0 filter="(&(cn=squid_allowed)(member=uid=mom,ou=squid,dc=muratisik,dc=homelinux,dc=org)(objectClass=groupOfNames))"
Jun 3 20:48:24 muratisik slapd[28574]: conn=10 op=1 SRCH attr=1.1
Jun 3 20:48:24 muratisik slapd[28574]: <= bdb_equality_candidates: (member) index_param failed (18)
Jun 3 20:48:24 muratisik slapd[28574]: conn=10 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 3 20:48:24 muratisik slapd[28574]: conn=10 op=2 UNBIND
Jun 3 20:48:24 muratisik slapd[28574]: conn=10 fd=13 closed

Have a nice day

On Fri, 03 Jun 2005 17:07:28 +0200, Emilio Casbas wrote
> Murat Isik wrote:
>
> >Hello,
> >
> >I am trying to get squid authenticate with openldap. I have googled,
> >searched the mail archives and read the mans but it is still not working. My
> >slapd.conf:
> >
> >include /etc/openldap/schema/core.schema
> >include /etc/openldap/schema/cosine.schema
> >include /etc/openldap/schema/inetorgperson.schema
> >include /etc/openldap/schema/nis.schema
> >include /etc/openldap/schema/corba.schema
> >include /etc/openldap/schema/misc.schema
> >include /etc/openldap/schema/openldap.schema
> >include /etc/openldap/schema/dyngroup.schema
> >include /etc/openldap/schema/java.schema
> >include /etc/openldap/schema/redhat/autofs.schema
> >
> >allow bind_v2
> >
> >pidfile /var/run/slapd.pid
> >argsfile /var/run/slapd.args
> >
> >database bdb
> >suffix "dc=muratisik,dc=homelinux,dc=org"
> >rootdn "cn=Manager,dc=muratisik,dc=homelinux,dc=org"
> >rootpw ortak_nokta
> >
> >directory /var/lib/ldap
> >
> >index objectClass eq,pres
> >index ou,cn,mail,surname,givenname eq,pres,sub
> >index uidNumber,gidNumber,loginShell eq,pres
> >index uid,memberUid eq,pres,sub
> >index nisMapName,nisMapEntry eq,pres,sub
> >
> >
> >my openldap ldif:
> >
> >version: 1
> >
> ># LDIF Export for: dc=muratisik,dc=homelinux,dc=org
> ># Generated by phpLDAPadmin ( http://phpldapadmin.sourceforge.net/ ) on June
> >3, 2005 4:05 pm
> ># Server: My LDAP Server (127.0.0.1)
> ># Search Scope: sub
> ># Search Filter: (objectClass=*)
> ># Total Entries: 6
> >
> ># Entry 1: dc=muratisik,dc=homelinux,dc=org
> >dn: dc=muratisik,dc=homelinux,dc=org
> >dc: muratisik
> >o: muratisik.homelinux.org
> >objectClass: dcObject
> >objectClass: organization
> >objectClass: top
> >
> ># Entry 2: cn=Manager,dc=muratisik,dc=homelinux,dc=org
> >dn: cn=Manager,dc=muratisik,dc=homelinux,dc=org
> >cn: Manager
> >objectClass: organizationalRole
> >objectClass: top
> >
> ># Entry 3: ou=squid,dc=muratisik,dc=homelinux,dc=org
> >dn: ou=squid,dc=muratisik,dc=homelinux,dc=org
> >ou: squid
> >objectClass: top
> >objectClass: organizationalUnit
> >
> ># Entry 4: uid=murat,ou=squid,dc=muratisik,dc=homelinux,dc=org
> >dn: uid=murat,ou=squid,dc=muratisik,dc=homelinux,dc=org
> >uid: murat
> >givenName: Murat
> >sn: Isik
> >cn: muratisik
> >userPassword: secret
> >loginShell: /bin/bash
> >uidNumber: 504
> >gidNumber: 504
> >homeDirectory: /home/murat
> >shadowMin: -1
> >shadowMax: 999999
> >shadowWarning: 7
> >shadowInactive: -1
> >shadowExpire: -1
> >shadowFlag: 0
> >objectClass: top
> >objectClass: person
> >objectClass: posixAccount
> >objectClass: shadowAccount
> >objectClass: inetOrgPerson
> >
> ># Entry 5: uid=tester,ou=squid,dc=muratisik,dc=homelinux,dc=org
> >dn: uid=tester,ou=squid,dc=muratisik,dc=homelinux,dc=org
> >uid: tester
> >givenName: tester
> >sn: tester
> >cn: tester
> >userPassword: tester
> >loginShell: /bin/bash
> >uidNumber: 505
> >gidNumber: 505
> >homeDirectory: /home/tester
> >shadowMin: -1
> >shadowMax: 999999
> >shadowWarning: 7
> >shadowInactive: -1
> >shadowExpire: -1
> >shadowFlag: 0
> >objectClass: top
> >objectClass: person
> >objectClass: posixAccount
> >objectClass: shadowAccount
> >objectClass: inetOrgPerson
> >
> ># Entry 6: cn=squid_allowed,ou=squid,dc=muratisik,dc=homelinux,dc=org
> >dn: cn=squid_allowed,ou=squid,dc=muratisik,dc=homelinux,dc=org
> >cn: squid_allowed
> >member: uid=tester,ou=squid,dc=muratisik,dc=homelinux,dc=org
> >objectClass: groupOfNames
> >objectClass: top
> >
> >
> >my squid.conf:
> >
> >auth_param basic program /usr/lib/squid/squid_ldap_auth -b
> >ou=squid,dc=muratisik,dc=homelinux,dc=org -f
> >(&(uid=%s)(objectClass=inetOrgPerson)) -h 127.0.0.1
> >
> >
> Have you tested the squid_ldap_auth binary in command line?
> From ../squid-2.5.STABLEX/helpers/basic_auth/LDAP
> type
> nroff -man squid_ldap_auth.8 |more
>
> >
> >external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -b
> >ou=squid,dc=muratisik,dc=homelinux,dc=org -B
> >ou=squid,dc=muratisik,dc=homelinux,dc=org -F (uid=%s) -f
> >(&(cn=%g)(member=%u)(objectClass=groupOfNames)) -h 127.0.0.1
> >
> >acl AUTENTIC proxy_auth REQUIRED
> >acl INTERNET external ldap_group squid_allowed
> >
> >http_access allow INTERNET
> >http_access allow AUTENTIC INTERNET
> >
> >
> >When I enter the username and password (tester/tester) when the browser pops
> >up the squid auth box, I get "Cache Access Denied."
> >
> >Thanks in advance.
> >
> >Have a nice day
> >
> >Murat Isik
> >
> >
> >
> --
> Thanks
> Emilio C.

Received on Fri Jun 03 2005 - 11:56:46 MDT
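
Added example (not part of the original message, and not Squid or OpenLDAP code): a small Python parser for slapd syslog output in the format shown above. It pairs each SRCH filter with its SEARCH RESULT and collects the attributes named in `index_param failed` lines, which slapd logs when a filter uses an attribute that has no matching index. The sample log is constructed, with placeholder host, user and DNs.

```python
import re
from collections import defaultdict

# Constructed sample in the slapd syslog format shown in the message above
# (wrapped lines rejoined; host, user name and DNs are placeholders).
SAMPLE = """\
Jun 3 20:48:24 host slapd[100]: conn=10 fd=13 ACCEPT from IP=127.0.0.1:42096 (IP=0.0.0.0:389)
Jun 3 20:48:24 host slapd[100]: conn=10 op=0 SRCH base="ou=squid,dc=example,dc=org" scope=2 deref=0 filter="(uid=alice)"
Jun 3 20:48:24 host slapd[100]: conn=10 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 3 20:48:24 host slapd[100]: conn=10 op=1 SRCH base="ou=squid,dc=example,dc=org" scope=2 deref=0 filter="(&(cn=squid_allowed)(member=uid=alice,ou=squid,dc=example,dc=org)(objectClass=groupOfNames))"
Jun 3 20:48:24 host slapd[100]: <= bdb_equality_candidates: (member) index_param failed (18)
Jun 3 20:48:24 host slapd[100]: conn=10 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 3 20:48:24 host slapd[100]: conn=10 op=2 UNBIND
"""

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" .*filter="(.*)"$')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)')
NOINDEX = re.compile(r'bdb_\w+_candidates: \((\w+)\) index_param failed')

def summarize(log_text):
    """Return ({(conn, op): search dict}, set of attributes searched without an index)."""
    searches = defaultdict(dict)
    unindexed = set()
    for line in log_text.splitlines():
        if m := SRCH.search(line):
            searches[(int(m[1]), int(m[2]))].update(base=m[3], filter=m[4])
        elif m := RESULT.search(line):
            searches[(int(m[1]), int(m[2]))].update(err=int(m[3]), nentries=int(m[4]))
        elif m := NOINDEX.search(line):
            unindexed.add(m[1])
    return dict(searches), unindexed

def empty_searches(searches):
    """Searches that succeeded (err=0) but matched no entry, e.g. a failed group lookup."""
    return [key for key, s in sorted(searches.items())
            if s.get("err") == 0 and s.get("nentries") == 0]

if __name__ == "__main__":
    searches, unindexed = summarize(SAMPLE)
    for key, s in sorted(searches.items()):
        print(key, s.get("filter"), "->", s.get("nentries"), "entries")
    print("no-match searches:", empty_searches(searches))
    print("unindexed attributes:", sorted(unindexed))
```

Comparing the filter slapd actually received with the `-f` and `-F` templates in squid.conf shows how `%s`, `%u` and `%g` were expanded for the failing request.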