Hi to all!
I was trying to authenticate Endian Squid users against an Active Directory,
but after some tests, I figured out that Endian wrote a wrong squid.conf file
for my AD.
First, Endian is missing "-v 3" when used with the "Active Directory" LDAP option.
Second, Endian is always missing the first LDAP level after the AD BaseDN, for
example:
I have:
memberOf=cn=Internet,CN=Users,DC=teste,DC=com
But Endian writes a squid.conf like this:
memberOf=cn=Internet,DC=teste,DC=com
Again I have:
memberOf=CN=Administradores,CN=Builtin,DC=teste,DC=com
But Endian writes a squid.conf like this:
memberOf=cn=Administradores,DC=teste,DC=com
Here is my diff between the squid.conf generated by Endian and my squid.conf finally
working against my Active Directory:
[EMAIL PROTECTED]:/etc/squid # diff -Nru squid.conf squid.conf-OK
--- squid.conf 2008-06-04 21:03:38.000000000 -0300
+++ squid.conf-OK 2008-06-04 20:29:06.000000000 -0300
@@ -63,16 +63,16 @@
# START AUTHENTICATION
# METHOD is LDAP
-auth_param basic program /usr/lib/squid/squid_ldap_auth -b "DC=teste,DC=com"
-d -D "CN=Administrador,CN=Users,DC=teste,DC=com" -w "PASSWORD" -f
"(&(&(objectClass=person)(sAMAccountName=%s))(|(memberOf=cn=Administradores,DC=teste,DC=com)(memberOf=cn=Internet,DC=teste,DC=com)))"
-u sAMAccountName -P 192.168.0.200:389
+auth_param basic program /usr/lib/squid/squid_ldap_auth -v 3 -b
"DC=teste,DC=com" -d -D "CN=Administrador,CN=Users,DC=teste,DC=com" -w
"PASSWORD" -f
"(&(&(objectClass=person)(sAMAccountName=%s))(|(memberOf=cn=Administradores,DC=teste,DC=com)(memberOf=cn=Internet,CN=Users,DC=teste,DC=com)))"
-u sAMAccountName -P 192.168.0.200:389
auth_param basic children 20
auth_param basic realm Endian Advanced Proxy Server
auth_param basic credentialsttl 60 minutes
-external_acl_type ldap_group ttl=300 %LOGIN /usr/lib/squid/squid_ldap_group -b
"DC=teste,DC=com" -d -D "CN=Administrador,CN=Users,DC=teste,DC=com" -w
"PASSWORD" -f "(&(&(objectClass=person)(sAMAccountName=%u))(memberOf=%g))" -P
192.168.0.200:389
+external_acl_type ldap_group ttl=300 %LOGIN /usr/lib/squid/squid_ldap_group -v
3 -b "DC=teste,DC=com" -d -D "CN=Administrador,CN=Users,DC=teste,DC=com"-w
"PASSWORD" -f "(&(&(objectClass=person)(sAMAccountName=%u))(memberOf=%g))" -P
192.168.0.200:389
-acl for_group1_users external ldap_group cn=Administradores,DC=teste,DC=com
-acl for_group3_users external ldap_group cn=Internet,DC=teste,DC=com
+acl for_group1_users external ldap_group
cn=Administradores,CN=Builtin,DC=teste,DC=com
+acl for_group3_users external ldap_group cn=Internet,CN=Users,DC=teste,DC=com
acl for_inetusers proxy_auth REQUIRED
# END AUTHENTICATION
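Review bot: in the + auth_param filter the first group clause is still memberOf=cn=Administradores,DC=teste,DC=com, without CN=Builtin, while the + acl for_group1_users line uses cn=Administradores,CN=Builtin,DC=teste,DC=com; the filter clause should carry the same full DN, otherwise it cannot match that group. In the + external_acl_type line there is no space between the closing quote of the -D value and -w (DC=com"-w), which may only be a wrapping artifact but should be checked in the file itself. Both helper lines also bind as CN=Administrador with the password given via -w in squid.conf, against 192.168.0.200:389; a dedicated low-privilege bind account would limit what is exposed if the file is read.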
As all of you can see, Endian is missing "CN=Builtin", "CN=Users" and "-v 3"
from the configuration. I guess it's a problem with the ldap_enabled_groups variable.
Regards,
Daniel
_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
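An added example, not part of the original message or of Endian's code: a check that compares every group DN configured in squid.conf (memberOf clauses in the auth_param filter and ldap_group ACL arguments) with the group DNs that exist in the directory, and reports the ones that lost a container such as CN=Users or CN=Builtin. The sample configuration is constructed from the directives quoted in the message, and the function names are hypothetical.

```python
import re

# Constructed squid.conf excerpt modelled on the directives in the message
# (each directive on one line, bind password replaced by a placeholder).
SAMPLE_CONF = r'''
auth_param basic program /usr/lib/squid/squid_ldap_auth -b "DC=teste,DC=com" -D "CN=Administrador,CN=Users,DC=teste,DC=com" -w "PLACEHOLDER" -f "(&(&(objectClass=person)(sAMAccountName=%s))(|(memberOf=cn=Administradores,DC=teste,DC=com)(memberOf=cn=Internet,CN=Users,DC=teste,DC=com)))" -u sAMAccountName -P 192.168.0.200:389
acl for_group1_users external ldap_group cn=Administradores,CN=Builtin,DC=teste,DC=com
acl for_group3_users external ldap_group cn=Internet,DC=teste,DC=com
'''

# Group DNs as the message says they exist in the directory.
DIRECTORY_DNS = [
    "CN=Administradores,CN=Builtin,DC=teste,DC=com",
    "cn=Internet,CN=Users,DC=teste,DC=com",
]

def rdns(dn):
    """Split a DN into lower-cased RDNs (assumes no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]

def configured_group_dns(conf):
    """Yield (source, dn) for memberOf filter clauses and ldap_group ACLs."""
    for line in conf.splitlines():
        if line.startswith("auth_param"):
            for dn in re.findall(r"memberOf=([^()%]+)\)", line):
                yield ("filter", dn)
        m = re.match(r"acl\s+\S+\s+external\s+ldap_group\s+(\S+)", line)
        if m:
            yield ("acl", m.group(1))

def audit(conf, directory_dns):
    """Return (source, configured_dn, suggestion) for DNs absent from the directory."""
    known = {tuple(rdns(d)): d for d in directory_dns}
    findings = []
    for source, dn in configured_group_dns(conf):
        parts = rdns(dn)
        if tuple(parts) in known:
            continue
        # Suggest a real DN with the same leaf RDN and the same trailing
        # suffix, i.e. the configured DN with intermediate containers dropped.
        suggestion = next((orig for k, orig in known.items()
                           if k[0] == parts[0] and list(k[-len(parts) + 1:]) == parts[1:]), None)
        findings.append((source, dn, suggestion))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, DIRECTORY_DNS):
        print(finding)
```

The directory DN list would normally come from an LDAP search against the domain controller; here it is hard-coded so the check runs offline.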