Squid and LDAP authentication
-
Hi,
I am testing Squid with authentication via LDAP in pfSense RC2.
In the web interface I enter the following:
authentication server: 192.168.161.20
ldap server user dn: cn=proxy_user,ou=internet,dc=fazenda,dc=com,dc=br
ldap password: xxxxxx
ldap base domain: dc=fazenda,dc=com,dc=br
When I press the "save" button, the interface replies:
"The field LDAP server user DN must be a valid domain name". In the code of /usr/local/pkg/squid.inc, at line 251, it shows the error that appears for me, according to the return value of the function is_domain($user).
Does anyone have the same problem?
-
I have to admit that I don't know much about LDAP + Squid, but what happens if you supply a "domain" name instead of the LDAP notation?
i.e.: pfsense.com instead of cn=pfsense blah blah.
-
OK, this worked. The interface has accepted my entries.
But the web interface squid_auth.xml confuses me.
The following line was created in squid.conf:
auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -b dc=fazenda,dc=com,dc=br -D pfsense.fazenda.com.br -f "(&objectClass=person)(cn=%s))" -u cn -P 192.168.161.20
I consider this line too generic, and it needs some adjustments to suit my needs. Example:
-D cn=proxy_user,ou=internet,dc=fazenda,dc=com,dc=br instead of pfsense.fazenda.com.br. This is required for the authentication bind in LDAP.
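
One way to check the bind DN as a distinguished name instead of a domain name, and to build the line with it, as an added example that is not part of the original posts or of pfSense's code. The function names, the simplified DN grammar and the balanced filter are assumptions; the helper path and option layout are copied from the line quoted above.

```python
import re

# Simplified RFC 4514 grammar: attr=value pairs joined by ',' or '+'.
# Hex-string ("#...") values are not handled. Control characters are refused
# everywhere, so a DN cannot carry a newline into squid.conf.
_ATTR = r'(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)'
_VALUE = r'(?:[^,+"\\<>;=\x00-\x1f]|\\[,+"\\<>;=# ]|\\[0-9A-Fa-f]{2})+'
_AVA = rf'{_ATTR}[ ]*=[ ]*{_VALUE}'
_DN_RE = re.compile(rf'{_AVA}(?:[ ]*[,+][ ]*{_AVA})*')
_HOST_RE = re.compile(r'[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?')


def is_ldap_dn(value):
    """True if value is shaped like a DN; a DNS name has no '=' and fails."""
    return bool(_DN_RE.fullmatch(value))


def build_auth_param(base_dn, bind_dn, server, user_attr="cn",
                     helper="/usr/local/libexec/squid/squid_ldap_auth"):
    """Return the auth_param line, laid out like the one quoted in the thread."""
    for label, dn in (("base DN", base_dn), ("bind DN", bind_dn)):
        if not is_ldap_dn(dn):
            raise ValueError(f"{label} is not a distinguished name: {dn!r}")
        # Assumption: DNs are written unquoted, as in the thread's line, so
        # whitespace, quotes and backslashes are refused, not escaped.
        if re.search(r'[\s"\\]', dn):
            raise ValueError(f"{label} would need quoting, refused: {dn!r}")
    if not re.fullmatch(_ATTR, user_attr):
        raise ValueError(f"bad user attribute: {user_attr!r}")
    if not _HOST_RE.fullmatch(server):
        raise ValueError(f"bad server: {server!r}")
    # Balanced filter; the one in the quoted line lacks a '(' before objectClass.
    ldap_filter = f"(&(objectClass=person)({user_attr}=%s))"
    return (f'auth_param basic program {helper} -b {base_dn} -D {bind_dn} '
            f'-f "{ldap_filter}" -u {user_attr} -P {server}')
```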
-
Okay, we'll try to get this fixed soon. If you find a way to fix the code, please submit a diff and we'll be happy to commit.
-
This should now be fixed.