On Wed, 24 Nov 2010 08:59:05 -0300, Bruno Lamps <[email protected]> wrote:
> Hi everybody,
>
> I spent some days reading the ebook "Ldap for rocket scientists" (zytrax.com/books/ldap/) and I've successfully (I think it's a success =) ) created a VM with debian lenny and openldap running.
>
> After that, I created another VM, running IPfire (www.ipfire.org) distro, this will be the firewall of the SMB I'm working for. Now I'm trying to authenticate the squid proxy, installed in IPFire distro, integrating it with my openldap server. A screenshot of my IPFire's webGUI and phpldapadmin webGUI can be seen at this topic: http://forum.ipfire.org/index.php?topic=3404.0
>
> But the authentication isn't running, the browser using squid proxy keeps asking me for username and password. Suspecting that the webGUI could be making some mistake in squid config file, I started editing its parameters manually. Right now, the ldap authentication line in my squid.conf looks like this:
>
> auth_param basic program /usr/lib/squid/squid_ldap_auth -D "cn=admin,dc=pisolar" -w "mypassword" -b "ou=usuarios,dc=pisolar" -h 192.168.1.7 -v 3
>
> cn=admin,dc=pisolar = my root user.
>
> ou=usuarios,dc=pisolar = the OU where my users are stored.
>
> I opened slapd in debug mode (slapd -d 255) in my openldap debian-powered VM, and this is the text shown when I try to authenticate in my browser:
>
> [...]
> => bdb_dn2id("ou=usuarios,dc=pisolar")
> <= bdb_dn2id: got id=0xb
> => bdb_dn2id("uid=lamps,ou=usuarios,dc=pisolar")
> <= bdb_dn2id: got id=0x10
> entry_decode: "uid=lamps,ou=usuarios,dc=pisolar"
> <= entry_decode(uid=lamps,ou=usuarios,dc=pisolar)
> => access_allowed: auth access to "uid=lamps,ou=usuarios,dc=pisolar" "userPassword" requested
> => acl_get: [1] attr userPassword
> => slap_access_allowed: result not in cache (userPassword)
> => acl_mask: access to entry "uid=lamps,ou=usuarios,dc=pisolar", attr "userPassword" requested
> => acl_mask: to value by "", (=0)
> <= check a_dn_pat: cn=admin,dc=pisolar
> <= check a_dn_pat: anonymous
> <= acl_mask: [2] applying none(=0) (stop)
> <= acl_mask: [2] mask: none(=0)
> => slap_access_allowed: auth access denied by none(=0)
> [...]

Check your access rules, as access to attribute userPassword is denied; read the few lines above.

> I tried to set a lot of different config syntaxes at squid.conf, but it always comes to the same kind of problem at slapd debug: After reading the user CN and his password, slapd fails to read something else (ldap_read: want=8 error=Resource temporarily unavailable) and then it doesn't authenticate.
>
> What am I doing wrong? Is there any problem with my openldap server? With squid? =(

I think both are misconfigured. The module squid_ldap_auth requires a parameter -u, in order to define the attribute type, which can be either uid or cn.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°37'09,95"N 10°08'02,42"E
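As an added illustration (not part of the thread and not slapd's own code), the following Python models the acl_mask steps visible in the trace: the simple bind is evaluated as the anonymous requester "", it needs "auth" on userPassword, and the first matching "by" clause wins and stops. Both access lines are constructed: the first reproduces the denial shown above, the second adds "by anonymous auth" so the bind step can succeed.

```python
import re

# Access levels in slapd order; a clause grants its level and everything below it.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]

def parse_access(line):
    """Parse one slapd.conf-style line: access to attrs=<attr> by <who> <level> ..."""
    m = re.match(r'access to attrs=(\S+)\s+(.*)', line)
    return {"attr": m.group(1), "by": re.findall(r'by\s+(\S+)\s+(\w+)', m.group(2))}

def who_matches(pattern, requester_dn, target_dn):
    """Match a 'by' pattern the way slapd does for *, anonymous, users, self and dn."""
    if pattern == "*":
        return True
    if pattern == "anonymous":
        return requester_dn == ""      # a simple bind is checked as "" (see the trace)
    if pattern == "users":
        return requester_dn != ""
    if pattern == "self":
        return requester_dn == target_dn
    m = re.match(r'dn(?:\.exact)?="([^"]+)"', pattern)
    return bool(m) and m.group(1) == requester_dn

def access_allowed(rule, requester_dn, target_dn, attr, needed):
    """Return (granted, trace): the first matching 'by' clause applies and stops."""
    trace = []
    if rule["attr"] != attr:
        return False, ["rule does not cover " + attr]
    for i, (who, level) in enumerate(rule["by"], 1):
        trace.append(f"check a_dn_pat: {who}")
        if who_matches(who, requester_dn, target_dn):
            trace.append(f"[{i}] applying {level} (stop)")
            return LEVELS.index(level) >= LEVELS.index(needed), trace
    return False, trace + ["no clause matched: none"]

# Constructed rules (the poster's real ACL is not in the thread): the first yields
# "[2] applying none" for anonymous as in the trace, the second grants auth to anonymous.
DENYING = ('access to attrs=userPassword by dn.exact="cn=admin,dc=pisolar" write '
           'by anonymous none by * none')
FIXED = ('access to attrs=userPassword by dn.exact="cn=admin,dc=pisolar" write '
         'by self write by anonymous auth by * none')
USER_DN = "uid=lamps,ou=usuarios,dc=pisolar"

def bind_check(rule_line):
    """Simulate the auth check slapd runs when squid_ldap_auth binds as the found user."""
    return access_allowed(parse_access(rule_line), "", USER_DN, "userPassword", "auth")

if __name__ == "__main__":
    for name, rule in (("denying", DENYING), ("fixed", FIXED)):
        ok, trace = bind_check(rule)
        print(name, "->", "auth access granted" if ok else "auth access denied", trace)
```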
