On 19/04/2012 6:59 p.m., Beto Moreno wrote:
  Hi people.

  I have been reading info about squid_ldap_auth vs Windows 2003 AD
server. I have some questions and would like to know if someone can
clear my brain.

  squid 2.7.x.

http://www.squid-cache.org/Versions/v2/2.HEAD/manuals/squid_ldap_auth.html


  When a user has special characters in his password, once the browser
opens the credential window it won't accept the user password and the
cache.log says:

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

Does anyone know about this rare thing?

LDAP uses the word "bind" to mean query parameters for searching the directory/database for something.

Adding the debug (-d) option may explain a bit.


Second, what is the difference between these two settings:

auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v 3 -b dc=example,dc=local -D cn=squid,cn=Users,dc=example,dc=local -w password -f "sAMAccountName=%s" -u uid -P 192.168.50.104:389

auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v 3 -b dc=example,dc=local -D "squid@example.local" -w password -f "sAMAccountName=%s" -u uid -P 192.168.50.104:389

The LDAP account used by Squid (-D option) differs in its representation syntax. See the LDAP protocol for what it all means.

Both work.

  Last thing, do we need to use a super-user from AD to bind to the AD
server, or do we just need a normal user?

You just said the "squid@example.local" account worked. Minimal privileges are recommended.

Amos
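
An added example, not part of the thread or of Squid's own code: a small Python check that reads the two helper lines quoted above, reports which naming syntax the -D value uses, and flags a bind password passed with -w. Tokenising with shlex, the form labels and the /path/to/secret placeholder are assumptions of this sketch; -W is the helper's option for reading the bind password from a file.

```python
import re
import shlex

# The two helper lines from the thread, one directive per line.
PREFIX = ('auth_param basic program /usr/local/libexec/squid/squid_ldap_auth '
          '-v 3 -b dc=example,dc=local ')
SUFFIX = ' -w password -f "sAMAccountName=%s" -u uid -P 192.168.50.104:389'
LINES = [
    PREFIX + '-D cn=squid,cn=Users,dc=example,dc=local' + SUFFIX,
    PREFIX + '-D "squid@example.local"' + SUFFIX,
]

RDN = re.compile(r'[A-Za-z][A-Za-z0-9-]*=.+')          # attr=value
UPN = re.compile(r'[^\\@=,]+@[^\\@=,]+')               # user@domain
DOWN_LEVEL = re.compile(r'[^\\@=,]+\\[^\\@=,]+')       # DOMAIN\user


def bind_form(identity):
    """Classify a -D value by the naming syntax it uses."""
    parts = re.split(r'(?<!\\),', identity)            # split on unescaped commas
    if all(RDN.fullmatch(p.strip()) for p in parts):
        return 'dn'
    if UPN.fullmatch(identity):
        return 'upn'
    if DOWN_LEVEL.fullmatch(identity):
        return 'down-level'
    return 'unknown'


def audit(line):
    """Return the bind identity form and any findings for one helper line."""
    tokens = shlex.split(line)                         # approximates Squid's tokenising
    opts = {t: tokens[i + 1] for i, t in enumerate(tokens[:-1])
            if t in ('-D', '-w', '-W')}
    findings = []
    if '-w' in opts:
        findings.append('-w puts the bind password in squid.conf and the '
                        'process list; -W <file> reads it from a file')
    form = bind_form(opts['-D']) if '-D' in opts else 'none'
    return {'bind_form': form, 'findings': findings}


if __name__ == '__main__':
    for line in LINES:
        print(audit(line))
```

Both lines name the same kind of account, a dedicated squid user, so the check reports the same finding for each and only the identity form differs.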
