Re: [squid-users] 2 ldap servers with different dn

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 20 May 2003 09:34:55 +0200

On Monday 19 May 2003 23.29, jamie wrote:

> So heres what my /usr/lib/squid/open2 is looking like these days
>
> #!/usr/bin/perl
> use IPC::Open2;
> open2(*read1,*write1,"/usr/lib/squid/squid_ldap_auth -u cn -b
> ou=people,dc=newberg,dc=k12,dc=or,dc=us -f '(uid=%s)' -h
> ldap.newberg.k12.or.us");
> open2(*read2,*write2,"/usr/lib/squid/squid_ldap_auth -u cn -b
> o=DIST -f '(cn=%s)' -h 172.16.16.30");
> while(<>) {
> print write1 $_; $ans = <read1>;
> if ($ans =~ /^OK/) { print $ans; next; }
> print write2 $_; $ans = <read2>;
> if ($ans =~ /^OK/) { print $ans; next; }
> print $ans;
> }
>
> I restarted squid and restarted my browser. When I request a
> webpage I get a log and password box. I enter my log and pass but I
> don't get an error.. Like if I entered the wrong log and pass.. It
> just kinda sits there.

You are missing a

$|=1;

at the top of the script.

This was missing in the very first open2 perl script posted on
squid-users. Corrected later..

> When I look at the logs on the ldap server its not even getting the
> request from squid, when I am using the open2 wrapper.

That it should..

Do you get any error when running the helper from the command line?

> I think you mentioned trying to test open2 from the command line
> but I think I am doing that wrong.
>
> Do I just type
>
> ./open2
>
> When I do that it just sits there at a blank line! HAHA! Sorry I'm
> stumped on this.

It should. You now have to give it a username and password to verify..

username <space> password <enter>
and the helper should respond with OK / ERR indicating if the login
was successful or not. If you get any other messages there is a
problem.

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Tue May 20 2003 - 01:33:20 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:16:46 MST