Re: ldap && squid authentication
Hi,
On Tue, 15 Mar 2005, Maximilian Wilhelm wrote:
> What should the '-D cn=teachers' be good for?
> Without a password this isn't very helpful if I'm right.
> IIRC squid will use your user-dn and the password to bind against LDAP.
Oops, you're correct. It isn't yet requiring members of the teachers
group. It is however validating username/password which is useful in
itself. Just ignoring the teachers bit. I will return to the drawing
board.
> The OK/ERR response is interpreted by squid, so real error messages
> would not be that good. strace might have been helpful.
Granted, but it would be nice if the -d debug switch gave some more useful
comments than "trying to do what you asked" (I'm paraphrasing here of
course) with no error.
> > The above of course is for squid on tjener to contact ldap on tjener. The
> > ldap on the program line could be changed to say 10.0.2.2 or tjener.intern
> > for the firewall to see it.
>
> No.
> You have to use "ldap" as hostname, if you want to connect via SSL to
> the LDAP server.
> You may want to use -ZZ instead of -Z to enforce TLS, so the connection
> will fail, if SSL could not be used.
I see. I hadn't got this far yet but thanks. ldap seems to resolve to
127.0.0.1. Is it possible to connect from a remote host?
Gavin