
#798 LDAP Auth with AD fails

2.0
open
nobody
Web Proxy (40)
5
2014-02-14
2012-07-16
Stenzer
No

I have currently set up IPCop with LDAP auth over AD.
If the domain is dc=example,dc=local and you are using the root node as baseDN, the authentication fails.
If you use an OU or the standard Users, everything works fine.
So I did some searching on the net and found the -R switch for auth_ldap.
If I manually add the -R switch, everything works fine, even when the baseDN is only set to dc=example,dc=local.
auth_param basic program /usr/lib/squid/suid_ldap_auth -R -b "dc=example,dc=local" ....

Discussion

  • Stenzer

    Stenzer - 2012-07-16

    On the Squid home page it is also said to add the -P parameter:
    http://www.squid-cache.org/Versions/v3/3.1/manuals/squid_ldap_auth.html

    "If you want to search for the user DN and your directory does not allow anonymous searches then you must also use the -D and -w flags to specify a user DN and password to log in as to perform the searches, as in the following complex Active Directory example

    squid_ldap_auth -P -R -b "dc=your,dc=domain" -D "cn=squid,cn=users,dc=your,dc=domain" -w "secretsquidpassword" -f "(&(userPrincipalName=%s)(objectClass=Person))" activedirectoryserver"

     
  • Andre Luiz Rodrigues Ferreira

    This works in version 2.0.1. From what I saw, it is a bug in version 2.0.4. You are missing several lines in the code, including the part that makes authentication (ntlm_auth, ldap_auth), etc.

    Do you have any patch available to fix this bug?

    Thanks!

    André L.R.Ferreira
    alrferreira@netdeep.com.br

     
  • Eric Oberlander

    Eric Oberlander - 2012-08-01

    The method of writing squid.conf was changed between versions 2.0.1 and 2.04. It is now handled by a 'helper' script called usr/local/bin/makesquidconf.pl

    So, I'd look there first.

    Eric

     
