Squid and LDAP authentication



  • Hi,

    I am testing Squid with authentication via LDAP in pfSense RC2.

    In the web interface I enter the following:

    authentication server: 192.168.161.20
    ldap server user dn: cn=proxy_user,ou=internet,dc=fazenda,dc=com,dc=br
    ldap password: xxxxxx
    ldap base domain: dc=fazenda,dc=com,dc=br

    When I press the "save" button, the interface replies:

    "The field LDAP server user DN must be a valid domain name". In the code of /usr/local/pkg/squid.inc, line 251 shows the error that I get, according to the return value of the function is_domain($user).

    Does anyone have the same problem?



  • I have to admit that I don't know much about LDAP + Squid, but what happens if you supply a "domain" name instead of the LDAP notation?

    i.e. pfsense.com instead of cn=pfsense blah blah.



  • Ok, this worked. The interface has accepted my entries.

    But the web interface squid_auth.xml confuses me.

    The following line has been created in squid.conf:

    auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -b dc=fazenda,dc=com,dc=br -D pfsense.fazenda.com.br -f "(&objectClass=person)(cn=%s))" -u cn -P 192.168.161.20

    I consider this line too generic, and it needs some adjustments to suit my needs. Example:

    -D cn=proxy_user,ou=internet,dc=fazenda,dc=com,dc=br instead of pfsense.fazenda.com.br. This is required for the authentication bind in LDAP.



  • Okay, we'll try to get this fixed soon. If you find a way to fix the code, please submit a diff and we'll be happy to commit.



  • This should now be fixed.
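
The thread turns on a bind DN being checked with a domain-name validator. The PHP below is an added example, not code from pfSense or from any poster: it validates the DN fields as DNs and the search filter before building the squid.conf line. The function names are hypothetical, and the IP-only server check is an assumption of the example.

```php
<?php
// Added example; function names are hypothetical and this is not pfSense code.

// Strict subset of RFC 4514: comma-separated attr=value RDNs. Escaped special
// characters, multi-valued RDNs (a+b) and #hex values are rejected, which also
// keeps quotes, backslashes and newlines out of the generated squid.conf line.
function is_ldap_dn(string $dn): bool {
    $attr  = '(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)';
    $value = '[^,+"\\\\<>;=#\x00-\x1f]+';
    return preg_match("/^$attr=$value(?:,$attr=$value)*$/D", $dn) === 1;
}

// Every "(" must be closed, and no quote or control character may appear.
function is_safe_filter(string $filter): bool {
    if ($filter === '' || preg_match('/["\x00-\x1f]/', $filter)) return false;
    $depth = 0;
    foreach (str_split($filter) as $c) {
        if ($c === '(') $depth++;
        elseif ($c === ')' && --$depth < 0) return false;
    }
    return $depth === 0;
}

function squid_ldap_auth_line(string $server, string $base, string $bind_dn, string $filter): string {
    if (filter_var($server, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('server must be an IP address (assumption of this example)');
    }
    if (!is_ldap_dn($base) || !is_ldap_dn($bind_dn)) {
        throw new InvalidArgumentException('base and bind DN must be LDAP distinguished names');
    }
    if (!is_safe_filter($filter)) {
        throw new InvalidArgumentException('search filter is unbalanced or contains unsafe characters');
    }
    // Helper path and flags as they appear in the squid.conf line quoted in the thread.
    return sprintf('auth_param basic program /usr/local/libexec/squid/squid_ldap_auth'
        . ' -b "%s" -D "%s" -f "%s" -u cn -P %s', $base, $bind_dn, $filter, $server);
}

// Constructed inputs, using the values posted in the thread.
var_dump(is_ldap_dn('cn=proxy_user,ou=internet,dc=fazenda,dc=com,dc=br'));
var_dump(is_ldap_dn('pfsense.fazenda.com.br'));
var_dump(is_safe_filter('(&objectClass=person)(cn=%s))'));
echo squid_ldap_auth_line('192.168.161.20', 'dc=fazenda,dc=com,dc=br',
    'cn=proxy_user,ou=internet,dc=fazenda,dc=com,dc=br',
    '(&(objectClass=person)(cn=%s))'), "\n";
```

The bind password is left out here; squid_ldap_auth takes it with -w, or with -W from a file so that it stays out of squid.conf.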

