
Problem when trying to authenticate squid with openldap server



Hi everybody,

I spent some days reading the ebook "LDAP for Rocket Scientists" (zytrax.com/books/ldap/) and I've successfully (I think it's a success =3 ) created a VM with Debian lenny and OpenLDAP running.

After that, I created another VM running the IPFire (www.ipfire.org) distro, which will be the firewall of the SMB I'm working for. Now I'm trying to authenticate the squid proxy installed in the IPFire distro by integrating it with my OpenLDAP server. A screenshot of my IPFire webGUI and phpldapadmin webGUI can be seen in this topic: http://forum.ipfire.org/index.php?topic=3404.0

But the authentication isn't working: the browser using the squid proxy keeps asking me for username and password. Suspecting that the webGUI could be making some mistake in the squid config file, I started editing its parameters manually. Right now, the LDAP authentication line in my squid.conf looks like this:

auth_param basic program /usr/lib/squid/squid_ldap_auth -D "cn=admin,dc=pisolar" -w "mypassword" -b "ou=usuarios,dc=pisolar" -h 192.168.1.7 -v 3

cn=admin,dc=pisolar = my root user.

ou=usuarios,dc=pisolar = the OU where my users are stored.

I started slapd in debug mode (slapd -d 255) on my Debian OpenLDAP VM, and this is the text shown when I try to authenticate in my browser:

daemon: activity on 1 descriptor
daemon: activity on:
slap_listener_activate(8):
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 busy
>>> slap_listener(ldap:///)
daemon: listen=8, new connection on 13
daemon: added 13r (active) listener=(nil)
daemon: activity on 2 descriptors
daemon: activity on: 13r
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
daemon: activity on 1 descriptor
daemon: activity on: 13r
daemon: read active on 13
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
connection_get(13)
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
ber_get_next
ldap_read: want=8, got=8
  0000:  30 34 02 01 01 60 2f 02                            04...`/.
ldap_read: want=46, got=46
  0000:  01 03 04 20 75 69 64 3d  6c 61 6d 70 73 2c 6f 75   ... uid=lamps,ou
  0010:  3d 75 73 75 61 72 69 6f  73 2c 64 63 3d 70 69 73   =usuarios,dc=pis
  0020:  6f 6c 61 72 80 08 6c 34  77 64 30 67 67 30         olar..userpassword
ber_get_next: tag 0x30 len 52 contents:
ber_dump: buf=0xa0598a0 ptr=0xa0598a0 end=0xa0598d4 len=52
  0000:  02 01 01 60 2f 02 01 03  04 20 75 69 64 3d 6c 61   ...`/.... uid=la
  0010:  6d 70 73 2c 6f 75 3d 75  73 75 61 72 69 6f 73 2c   mps,ou=usuarios,
  0020:  64 63 3d 70 69 73 6f 6c  61 72 80 08 6c 34 77 64   dc=pisolar..userpass
  0030:  30 67 67 30                                        word
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
conn=0 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0xa0598a0 ptr=0xa0598a3 end=0xa0598d4 len=49
  0000:  60 2f 02 01 03 04 20 75  69 64 3d 6c 61 6d 70 73   `/.... uid=lamps
  0010:  2c 6f 75 3d 75 73 75 61  72 69 6f 73 2c 64 63 3d   ,ou=usuarios,dc=
  0020:  70 69 73 6f 6c 61 72 80  08 6c 34 77 64 30 67 67   pisolar..userpasswor
  0030:  30                                                 d
ber_scanf fmt (m}) ber:
ber_dump: buf=0xa0598a0 ptr=0xa0598ca end=0xa0598d4 len=10
  0000:  00 08 6c 34 77 64 30 67  67 30                     ..userpassword
>>> dnPrettyNormal: <uid=lamps,ou=usuarios,dc=pisolar>
=> ldap_bv2dn(uid=lamps,ou=usuarios,dc=pisolar,0)
<= ldap_bv2dn(uid=lamps,ou=usuarios,dc=pisolar)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=lamps,ou=usuarios,dc=pisolar)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=lamps,ou=usuarios,dc=pisolar)=0
<<< dnPrettyNormal: <uid=lamps,ou=usuarios,dc=pisolar>, <uid=lamps,ou=usuarios,dc=pisolar>
do_bind: version=3 dn="uid=lamps,ou=usuarios,dc=pisolar" method=128
==> bdb_bind: dn: uid=lamps,ou=usuarios,dc=pisolar
bdb_dn2entry("uid=lamps,ou=usuarios,dc=pisolar")
=> bdb_dn2id("dc=pisolar")
<= bdb_dn2id: got id=0x1
=> bdb_dn2id("ou=usuarios,dc=pisolar")
<= bdb_dn2id: got id=0xb
=> bdb_dn2id("uid=lamps,ou=usuarios,dc=pisolar")
<= bdb_dn2id: got id=0x10
entry_decode: "uid=lamps,ou=usuarios,dc=pisolar"
<= entry_decode(uid=lamps,ou=usuarios,dc=pisolar)
=> access_allowed: auth access to "uid=lamps,ou=usuarios,dc=pisolar" "userPassword" requested
=> acl_get: [1] attr userPassword
=> slap_access_allowed: result not in cache (userPassword)
=> acl_mask: access to entry "uid=lamps,ou=usuarios,dc=pisolar", attr "userPassword" requested
=> acl_mask: to value by "", (=0)
<= check a_dn_pat: cn=admin,dc=pisolar
<= check a_dn_pat: anonymous
<= acl_mask: [2] applying none(=0) (stop)
<= acl_mask: [2] mask: none(=0)
=> slap_access_allowed: auth access denied by none(=0)
=> access_allowed: no more rules
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: err=49 matched="" text=""
send_ldap_response: msgid=1 tag=97 err=49
ber_flush2: 14 bytes to sd 13
  0000:  30 0c 02 01 01 61 07 0a  01 31 04 00 04 00         0....a...1....
ldap_write: want=14, written=14
  0000:  30 0c 02 01 01 61 07 0a  01 31 04 00 04 00         0....a...1....
daemon: activity on 1 descriptor
daemon: activity on: 13r
daemon: read active on 13
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
connection_get(13)
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
ber_get_next
ldap_read: want=8, got=7
  0000:  30 05 02 01 02 42 00                               0....B.
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf=0xa0039c0 ptr=0xa0039c0 end=0xa0039c5 len=5
  0000:  02 01 02 42 00                                     ...B.
ber_get_next
ldap_read: want=8, got=0

ber_get_next on fd 13 failed errno=0 (Success)
connection_read(13): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=13 for close
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
connection_close: deferring conn=0 sd=13
conn=0 op=1 do_unbind
connection_resched: attempting closing conn=0 sd=13
connection_close: conn=0 sd=13
daemon: removing 13
daemon: activity on 1 descriptor
daemon: activity on:
slap_listener_activate(8):
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 busy
>>> slap_listener(ldap:///)
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero

=================================


I tried a lot of different config syntaxes in squid.conf, but it always comes to the same kind of problem in the slapd debug output: after reading the user's DN and password, slapd fails to read something else (ldap_read: want=8 error=Resource temporarily unavailable) and then it doesn't authenticate.

What am I doing wrong? Is there any problem with my OpenLDAP server? With squid? =(

I'd like to thank you all in advance for any support, and say sorry for my broken English. =D
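Added example (not part of the original post, and not squid's or OpenLDAP's own code): a small triage script that reads a `slapd -d 255` trace of a simple bind and pulls out the three facts that decide the outcome, namely the bind DN, the ACL evaluation of the `userPassword` attribute, and the final result code. In the trace quoted above those lines are `do_bind: ... dn="uid=lamps,ou=usuarios,dc=pisolar" method=128`, `acl_mask: to value by ""` followed by `[2] applying none(=0)`, `slap_access_allowed: auth access denied by none(=0)` and `send_ldap_result: err=49`; the script maps that pattern to "the password was never compared because the ACL denied `auth` access". The embedded trace is a constructed excerpt modelled on those lines, with the daemon/epoll noise left out; the result-code and bind-method names are the standard RFC 4511 / slapd values.

```python
"""Triage a slapd -d 255 trace of a failed simple bind (added example, not OpenLDAP code)."""
import re

# Constructed excerpt modelled on the bind-relevant lines of the trace quoted in the post.
SAMPLE_TRACE = """\
conn=0 op=0 do_bind
do_bind: version=3 dn="uid=lamps,ou=usuarios,dc=pisolar" method=128
==> bdb_bind: dn: uid=lamps,ou=usuarios,dc=pisolar
=> access_allowed: auth access to "uid=lamps,ou=usuarios,dc=pisolar" "userPassword" requested
=> acl_mask: to value by "", (=0)
<= check a_dn_pat: cn=admin,dc=pisolar
<= check a_dn_pat: anonymous
<= acl_mask: [2] applying none(=0) (stop)
=> slap_access_allowed: auth access denied by none(=0)
send_ldap_result: err=49 matched="" text=""
"""

# LDAP resultCode values (RFC 4511) that matter when triaging a bind failure.
RESULT_NAMES = {
    0: "success",
    32: "noSuchObject",
    48: "inappropriateAuthentication",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
}

# Bind method values as slapd prints them: 128 is a simple bind, 163 is SASL.
BIND_METHODS = {128: "simple", 163: "sasl"}

BIND_RE = re.compile(r'do_bind: version=(\d+) dn="([^"]*)" method=(\d+)')
ACL_REQ_RE = re.compile(r'access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested')
ACL_BY_RE = re.compile(r'acl_mask: to value by "([^"]*)"')
ACL_RULE_RE = re.compile(r'acl_mask: \[(\d+)\] applying (\w+)')
ACL_DENY_RE = re.compile(r'slap_access_allowed: (\w+) access denied by (\w+)')
RESULT_RE = re.compile(r'send_ldap_result: err=(\d+)')


def parse_bind_trace(text):
    """Extract bind DN, ACL evaluation and final result code from a slapd trace.

    Fields stay None when the corresponding line is absent, so a caller can tell
    "no ACL denial seen" apart from "denial seen".
    """
    info = {
        "bind_dn": None, "method": None, "acl_access": None, "acl_attr": None,
        "acl_identity": None, "acl_rule": None, "acl_mask": None,
        "acl_denied": False, "result_code": None,
    }
    for line in text.splitlines():
        if m := BIND_RE.search(line):
            info["bind_dn"] = m.group(2)
            info["method"] = BIND_METHODS.get(int(m.group(3)), m.group(3))
        elif m := ACL_REQ_RE.search(line):
            info["acl_access"], info["acl_attr"] = m.group(1), m.group(3)
        elif m := ACL_BY_RE.search(line):
            # During a bind the ACL is evaluated for the not-yet-authenticated
            # identity, which slapd prints as "" (i.e. anonymous).
            info["acl_identity"] = m.group(1) or "anonymous"
        elif m := ACL_RULE_RE.search(line):
            info["acl_rule"], info["acl_mask"] = int(m.group(1)), m.group(2)
        elif ACL_DENY_RE.search(line):
            info["acl_denied"] = True
        elif m := RESULT_RE.search(line):
            info["result_code"] = int(m.group(1))
    return info


def diagnose(info):
    """Turn the parsed fields into a one-line finding for the administrator."""
    code = info["result_code"]
    name = RESULT_NAMES.get(code, "unknown")
    if code == 49 and info["acl_denied"] and info["acl_attr"] == "userPassword":
        return (f"bind as {info['bind_dn']} failed ({code} {name}): ACL rule "
                f"[{info['acl_rule']}] gives '{info['acl_mask']}' to {info['acl_identity']} "
                f"on userPassword, so slapd never compared the password; grant "
                f"'by anonymous auth' on attrs=userPassword")
    if code == 49:
        return f"bind as {info['bind_dn']} failed ({code} {name}): wrong DN or password"
    if code == 0:
        return f"bind as {info['bind_dn']} succeeded"
    return f"bind as {info['bind_dn']} ended with result {code} ({name})"


if __name__ == "__main__":
    print(diagnose(parse_bind_trace(SAMPLE_TRACE)))
```

Run it against a saved trace (`python3 triage.py < slapd.log` after swapping `SAMPLE_TRACE` for `sys.stdin.read()`) and check which ACL clause the reported rule index points at in slapd.conf. The standard OpenLDAP form that lets a simple bind verify the password without exposing it is `access to attrs=userPassword by self write by anonymous auth by * none`; the poster's own slapd.conf is not shown here, so the rule number `[2]` in the trace is the thing to compare against it. A bind that fails on the ACL, as here, returns `invalidCredentials` (49) exactly like a wrong password would, which is why the client side (squid) cannot tell the two cases apart and the server-side trace is needed.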