Re: [squid-users] Squid LDAP Auth and ACL Integration

From: Chris Robertson <crobertson_at_gci.net>
Date: Mon, 04 Jan 2010 11:43:01 -0900

ml ml wrote:
> Hi,
>
> thanks for the reply.
>
> However, I can't get the proof-of-concept working on the command line:
>
> echo "mo" | squid_ldap_group -b "dc=my-domain,dc=com" -f "cn=mo" -F
> "cn=mo" -h localhost -D "cn=Manager,dc=my-domain,dc=com" -w secret
>
> it always returns ERR.

So, user with common name of "mo" is apparently not a member of the
group with common name "mo". You are statically assigning your search
filters, which will return the same results for every run.

> If I do a "tcpdump -i any -n port 389" then I
> can't see any traffic at all.
>
> Any idea how I can debug this? The "-d" option does not seem to do any
> debugging!
>

That's very odd. The -d option should print messages:
* upon successful LDAP connection (with a failed connection being
reported regardless of debugging being set)
* confirming the group filter and searchbase
* confirming the user filter and searchbase

Try putting -d as the first argument. It shouldn't matter, but doing so
will assure it's not being "missed".

> Thanks,
> Mario

Chris
Received on Mon Jan 04 2010 - 20:43:19 MST
