Re: [squid-users] squid_ldap_auth problem after W2003 upgrade

From: Mark Krawec <mark@dont-contact.us>
Date: Thu, 14 Oct 2004 10:30:59 -0800

I think I'm using a consistent search bind DN and still getting an error after
the 2003 upgrade.

Successful ldapsearch query:
ldapsearch -b "DC=scif, DC=com" -D "CN=Squid1, OU=FD, OU=Fairfield, DC=scif,
DC=com" -w "password" -H ldaps://fddc02.scif.com:636/ -S /usr/local/ssl/certs
-x "(SamAccountName=Squid1)" cn
version: 2

#
# filter: (SamAccountName=Squid1)
# requesting: cn
#

# Squid1 Proxy, FD, Fairfield, scif, com
dn: CN=Squid1 Proxy,OU=FD,OU=Fairfield,DC=scif,DC=com
cn: Squid1 Proxy

squid_ldap_auth query fails:
echo "Squid1 password" | /usr/local/squid/libexec/squid_ldap_auth -H
ldaps://fddc02.scif.com:636/ -D "CN=Squid1, OU=FD, OU=Fairfield, DC=scif,
DC=com" -w "password" -P -b "DC=scif,DC=com" -f "(SamAccountName=Squid1)"
squid_ldap_auth: WARNING, LDAP search error 'Operations error'
ERR

Any ideas on why squid_ldap_auth fails and ldapsearch succeeds? The same
squid_ldap_auth query was working until our domain controllers were upgraded
to 2003.

Thanks,

Mark

On Thu, 14 Oct 2004 10:12:43 +0200 (CEST), Henrik Nordstrom wrote
>
> The search bind DN is not correct, and does not match your
> successful ldapsearch.
>
> To be least confusing you should specify an LDAP DN in both. Relying
> on the LDAP server to understand shorthand aliases like
> squid@scif.com can be a little confusing.
>
> Regards
> Henrik

_______________________________________________________________
Mark Krawec mark@krawecnet.com
"Earth First" (We'll strip mine the other planets later)
Received on Thu Oct 14 2004 - 11:31:07 MDT
