Re: [squid-users] squid_ldap_auth: Could not Activate TLS connection

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Thu, 21 Dec 2006 00:39:17 +0100

tis 2006-12-19 klockan 16:07 +0100 skrev michael.2006@gmx.net:

> I'm using squid_ldap_auth to authenticate against our LDAP server.
> Our LDAP server accepts only ldaps (port 636) and anonymous simple bind is disabled.

> And now my problem... squid_ldap_auth doesn't work:
> $ echo "<user> <password>" | /usr/local/squid/libexec/squid_ldap_auth -u cn -b o=xxx -f "(&(cn=<user>)(groupMembership=cn=xxx,o=xxx))" -H ldaps://server.domain -v 3 -Z
> Could not Activate TLS connection

Hmm.. I don't think you can mix both ldaps (LDAP over SSL/TLS) and TLS
(TLS encryption within LDAP).. That would be double encryption and
probably not supported by either OpenLDAP or your server. Try without
-Z.

Also note that ldaps is considered obsolete, and any new LDAPv3
implementations should use TLS instead. ldaps is only specified for
LDAPv2. But most LDAPv3 implementations that also support LDAPv2 support
ldaps for LDAPv3 as well.

Also if anonymous simple bind is disabled then you need to provide an
account squid_ldap_auth should use while performing the searches. But
that's the next step in the process after the connection has been
established..

Regards
Henrik
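As an added illustration of the two points in the reply (it is not code from the thread or from the Squid project): a small POSIX sh helper that assembles the squid_ldap_auth command line so that the encryption choice is consistent (ldaps:// on its own, or ldap:// with -Z, never both) and that supplies a dedicated search account because anonymous simple bind is disabled. The helper path, base DN o=xxx and group filter come from the original post; the bind DN cn=squid,o=xxx and the secret file /etc/squid/ldap.secret are placeholders. squid_ldap_auth substitutes the login name for %s in the -f filter, and -W reads the bind password from a file.

```shell
#!/bin/sh
# Added example, not from the thread: build a squid_ldap_auth invocation whose
# TLS settings do not conflict and which binds with a search account.
# From the original post: helper path, base DN o=xxx, group filter.
# Placeholders (assumptions): BIND_DN and SECRET_FILE below.

HELPER=/usr/local/squid/libexec/squid_ldap_auth
BASE_DN='o=xxx'
FILTER='(&(cn=%s)(groupMembership=cn=xxx,o=xxx))'   # %s = login name
BIND_DN='cn=squid,o=xxx'             # placeholder: read-only search account
SECRET_FILE=/etc/squid/ldap.secret   # placeholder: holds only the bind password

# tls_mode URI STARTTLS(yes|no): print "ldaps" or "starttls", or fail with a reason.
# ldaps:// encrypts from the first byte, so -Z (STARTTLS inside LDAP) must not be
# added on top of it; plain ldap:// without -Z is refused because the user
# password in the search/bind would cross the wire in the clear.
tls_mode() {
  uri=$1; starttls=$2
  case $uri in
    ldaps://*)
      [ "$starttls" = yes ] && { echo 'ldaps:// already encrypts the session; drop -Z' >&2; return 1; }
      echo ldaps ;;
    ldap://*)
      [ "$starttls" = yes ] || { echo 'plain ldap:// would send passwords in the clear; add -Z' >&2; return 1; }
      echo starttls ;;
    *)
      echo "unsupported URI: $uri" >&2; return 1 ;;
  esac
}

# build_cmd URI STARTTLS: print the full helper command line (usable after
# "auth_param basic program" in squid.conf). -D/-W give the search account;
# -W keeps the password out of the process list.
build_cmd() {
  mode=$(tls_mode "$1" "$2") || return 1
  cmd="$HELPER -v 3 -b \"$BASE_DN\" -u cn -f \"$FILTER\" -D \"$BIND_DN\" -W $SECRET_FILE -H $1"
  [ "$mode" = starttls ] && cmd="$cmd -Z"
  echo "$cmd"
}

# Manual check against a real server, same stdin protocol as the original post:
#   printf 'user password\n' | sh -c "$(build_cmd ldaps://server.domain no)"
# The helper answers OK or ERR on stdout.
```

The secret file should be readable only by the account squid runs the helper as (mode 0600), and the search account needs no more than read access to the cn and groupMembership attributes under o=xxx.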

Received on Wed Dec 20 2006 - 16:39:22 MST
