Hi everybody,
I spent some days reading the ebook "LDAP for Rocket Scientists" (zytrax.com/books/ldap/) and I've successfully (I think it's a success =3 ) created a VM with Debian lenny and OpenLDAP running.
After that, I created another VM, running IPfire (www.ipfire.org) distro, this will be the firewall of the SMB I'm working for. Now I'm trying to authenticate the squid proxy, installed in IPFire distro, integrating it with my openldap server. A screenshot of my IPFire's webGUI and phpldapadmin webGUI can be seen at this topic: http://forum.ipfire.org/index.php?topic=3404.0
But the authentication isn't working: the browser using the squid proxy keeps asking me for username and password. Suspecting that the webGUI could be making some mistake in the squid config file, I started editing its parameters manually. Right now, the LDAP authentication line in my squid.conf looks like this:
auth_param basic program /usr/lib/squid/squid_ldap_auth -D "cn=admin,dc=pisolar" -w "mypassword" -b "ou=usuarios,dc=pisolar" -h 192.168.1.7 -v 3

cn=admin,dc=pisolar = my root user.
ou=usuarios,dc=pisolar = the OU where my users are stored.

I opened slapd in debug mode (slapd -d 255) in my OpenLDAP Debian-powered VM, and this is the text shown when I try to authenticate in my browser:
daemon: activity on 1 descriptor daemon: activity on: slap_listener_activate(8): daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: epoll: listen=8 busy
slap_listener(ldap:///)
daemon: listen=8, new connection on 13 daemon: added 13r (active) listener=(nil) daemon: activity on 2 descriptors daemon: activity on: 13r daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: epoll: listen=8 active_threads=0 tvp=zero daemon: activity on 1 descriptor daemon: activity on: 13r daemon: read active on 13 daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: epoll: listen=8 active_threads=0 tvp=zero connection_get(13) connection_get(13): got connid=0 connection_read(13): checking for input on id=0 ber_get_next ldap_read: want=8, got=8 0000: 30 34 02 01 01 60 2f 02 04...`/.
ldap_read: want=46, got=46 0000: 01 03 04 20 75 69 64 3d 6c 61 6d 70 73 2c 6f 75 ... uid=lamps,ou
0010: 3d 75 73 75 61 72 69 6f 73 2c 64 63 3d 70 69 73 =usuarios,dc=pis
0020: 6f 6c 61 72 80 08 6c 34 77 64 30 67 67 30 olar..userpassword ber_get_next: tag 0x30 len 52 contents: ber_dump: buf=0xa0598a0 ptr=0xa0598a0 end=0xa0598d4 len=52 0000: 02 01 01 60 2f 02 01 03 04 20 75 69 64 3d 6c 61 ...`/.... uid=la
0010: 6d 70 73 2c 6f 75 3d 75 73 75 61 72 69 6f 73 2c mps,ou=usuarios,
0020: 64 63 3d 70 69 73 6f 6c 61 72 80 08 6c 34 77 64 dc=pisolar..userpass 0030: 30 67 67 30 word
ber_get_next ldap_read: want=8 error=Resource temporarily unavailable daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: epoll: listen=8 active_threads=0 tvp=zero conn=0 op=0 do_bind ber_scanf fmt ({imt) ber: ber_dump: buf=0xa0598a0 ptr=0xa0598a3 end=0xa0598d4 len=49 0000: 60 2f 02 01 03 04 20 75 69 64 3d 6c 61 6d 70 73 `/.... uid=lamps
0010: 2c 6f 75 3d 75 73 75 61 72 69 6f 73 2c 64 63 3d ,ou=usuarios,dc=
0020: 70 69 73 6f 6c 61 72 80 08 6c 34 77 64 30 67 67 pisolar..userpasswor 0030: 30 d
ber_scanf fmt (m}) ber: ber_dump: buf=0xa0598a0 ptr=0xa0598ca end=0xa0598d4 len=10 0000: 00 08 6c 34 77 64 30 67 67 30 ..userpassword
dnPrettyNormal: <uid=lamps,ou=usuarios,dc=pisolar>
=> ldap_bv2dn(uid=lamps,ou=usuarios,dc=pisolar,0) <= ldap_bv2dn(uid=lamps,ou=usuarios,dc=pisolar)=0 => ldap_dn2bv(272) <= ldap_dn2bv(uid=lamps,ou=usuarios,dc=pisolar)=0 => ldap_dn2bv(272) <= ldap_dn2bv(uid=lamps,ou=usuarios,dc=pisolar)=0 <<< dnPrettyNormal: <uid=lamps,ou=usuarios,dc=pisolar>, <uid=lamps,ou=usuarios,dc=pisolar> do_bind: version=3 dn="uid=lamps,ou=usuarios,dc=pisolar" method=128 ==> bdb_bind: dn: uid=lamps,ou=usuarios,dc=pisolar bdb_dn2entry("uid=lamps,ou=usuarios,dc=pisolar") => bdb_dn2id("dc=pisolar") <= bdb_dn2id: got id=0x1 => bdb_dn2id("ou=usuarios,dc=pisolar") <= bdb_dn2id: got id=0xb => bdb_dn2id("uid=lamps,ou=usuarios,dc=pisolar") <= bdb_dn2id: got id=0x10 entry_decode: "uid=lamps,ou=usuarios,dc=pisolar" <= entry_decode(uid=lamps,ou=usuarios,dc=pisolar) => access_allowed: auth access to "uid=lamps,ou=usuarios,dc=pisolar" "userPassword" requested => acl_get: [1] attr userPassword => slap_access_allowed: result not in cache (userPassword) => acl_mask: access to entry "uid=lamps,ou=usuarios,dc=pisolar", attr "userPassword" requested => acl_mask: to value by "", (=0) <= check a_dn_pat: cn=admin,dc=pisolar <= check a_dn_pat: anonymous <= acl_mask: [2] applying none(=0) (stop) <= acl_mask: [2] mask: none(=0) => slap_access_allowed: auth access denied by none(=0) => access_allowed: no more rules send_ldap_result: conn=0 op=0 p=3 send_ldap_result: err=49 matched="" text="" send_ldap_response: msgid=1 tag=97 err=49 ber_flush2: 14 bytes to sd 13 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 0....a...1....
ldap_write: want=14, written=14 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 0....a...1....
daemon: activity on 1 descriptor daemon: activity on: 13r daemon: read active on 13 daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: epoll: listen=8 active_threads=0 tvp=zero connection_get(13) connection_get(13): got connid=0 connection_read(13): checking for input on id=0 ber_get_next ldap_read: want=8, got=7 0000: 30 05 02 01 02 42 00 0....B.
ber_get_next: tag 0x30 len 5 contents: ber_dump: buf=0xa0039c0 ptr=0xa0039c0 end=0xa0039c5 len=5 0000: 02 01 02 42 00 ...B.
ber_get_next ldap_read: want=8, got=0
ber_get_next on fd 13 failed errno=0 (Success) connection_read(13): input error=-2 id=0, closing. connection_closing: readying conn=0 sd=13 for close daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: epoll: listen=8 active_threads=0 tvp=zero connection_close: deferring conn=0 sd=13 conn=0 op=1 do_unbind connection_resched: attempting closing conn=0 sd=13 connection_close: conn=0 sd=13 daemon: removing 13 daemon: activity on 1 descriptor daemon: activity on: slap_listener_activate(8): daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: epoll: listen=8 busy
slap_listener(ldap:///)
daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: epoll: listen=8 active_threads=0 tvp=zero
=================================
I tried to set a lot of different config syntaxes in squid.conf, but it always comes to the same kind of problem in the slapd debug output: after reading the user's DN and password, slapd fails to read something else (ldap_read: want=8 error=Resource temporarily unavailable) and then it doesn't authenticate.
What am I doing wrong? Is there any problem with my OpenLDAP server? With squid? =(
I'd like to thank you all in advance for any support, and say sorry for my broken English. =D
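The decisive lines in the trace are not the "Resource temporarily unavailable" read (that is just slapd polling a non-blocking socket with nothing more to read yet) but the access-control block: the simple bind for uid=lamps is evaluated as the anonymous requestor (`to value by ""`), the ACL clause `[2]` matching `anonymous` applies `none`, slapd reports `auth access denied`, and the client gets `err=49` (invalidCredentials) without the password ever being compared. As an added example, not code from the poster, from IPFire or from the OpenLDAP project, the Python script below parses exactly those slapd debug messages and turns them into a short triage verdict, so that an ACL denial can be told apart from a genuinely wrong password. The sample input is constructed from the access-control lines of the trace above (split one message per line, since the post runs several together) plus a constructed successful bind for comparison; the message formats matched are the ones slapd itself prints at debug level 255.

```python
import re

# Constructed sample input: the access-control lines from the slapd -d 255 trace in the
# post, one message per line (the original trace runs several messages together).
SAMPLE_TRACE_DENIED = """\
do_bind: version=3 dn="uid=lamps,ou=usuarios,dc=pisolar" method=128
=> access_allowed: auth access to "uid=lamps,ou=usuarios,dc=pisolar" "userPassword" requested
=> acl_get: [1] attr userPassword
=> acl_mask: access to entry "uid=lamps,ou=usuarios,dc=pisolar", attr "userPassword" requested
=> acl_mask: to value by "", (=0)
<= check a_dn_pat: cn=admin,dc=pisolar
<= check a_dn_pat: anonymous
<= acl_mask: [2] applying none(=0) (stop)
<= acl_mask: [2] mask: none(=0)
=> slap_access_allowed: auth access denied by none(=0)
send_ldap_result: err=49 matched="" text=""
"""

# Constructed comparison trace: the same bind against an ACL that grants 'auth' to anonymous.
SAMPLE_TRACE_OK = """\
do_bind: version=3 dn="uid=lamps,ou=usuarios,dc=pisolar" method=128
=> access_allowed: auth access to "uid=lamps,ou=usuarios,dc=pisolar" "userPassword" requested
=> acl_mask: to value by "", (=0)
<= check a_dn_pat: anonymous
<= acl_mask: [1] applying auth(=dx) (stop)
=> slap_access_allowed: auth access granted by auth(=dx)
send_ldap_result: err=0 matched="" text=""
"""

# Message shapes as slapd prints them at debug level 255.
BIND_RE = re.compile(r'do_bind: version=(\d+) dn="([^"]*)" method=(\d+)')
REQUEST_RE = re.compile(r'access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested')
REQUESTOR_RE = re.compile(r'acl_mask: to value by "([^"]*)"')
CLAUSE_RE = re.compile(r'check a_dn_pat: (.+?)\s*$')
APPLIED_RE = re.compile(r'acl_mask: \[(\d+)\] applying (\w+)\(=(\w*)\)')
RESULT_RE = re.compile(r'send_ldap_result: err=(\d+)')

RESULT_NAMES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
                50: "insufficientAccessRights"}


def parse_bind_trace(trace):
    """Extract bind DN, ACL decision and final result code from a slapd debug trace.

    Fields that never appear in the trace stay None (or an empty list).
    """
    info = {"bind_dn": None, "access_wanted": None, "target_dn": None, "attr": None,
            "requestor": None, "clauses_checked": [], "applied_clause": None,
            "applied_level": None, "result_code": None}
    for line in trace.splitlines():
        if m := BIND_RE.search(line):
            info["bind_dn"] = m.group(2)
        elif m := REQUEST_RE.search(line):
            info["access_wanted"], info["target_dn"], info["attr"] = m.groups()
        elif m := REQUESTOR_RE.search(line):
            # A simple bind is evaluated as the anonymous (empty) DN: the identity
            # only exists once the bind has succeeded, so "by anonymous" is the clause
            # that must grant the 'auth' right.
            info["requestor"] = m.group(1) or "anonymous"
        elif m := CLAUSE_RE.search(line):
            info["clauses_checked"].append(m.group(1))
        elif m := APPLIED_RE.search(line):
            info["applied_clause"] = int(m.group(1))
            info["applied_level"] = m.group(2)
        elif m := RESULT_RE.search(line):
            info["result_code"] = int(m.group(1))
    return info


def diagnose(info):
    """Map a parsed trace to a short verdict a defender can act on."""
    if info["result_code"] == 0:
        return "bind_ok"
    if info["access_wanted"] == "auth" and info["applied_level"] == "none":
        # The password was never compared: the clause that matched the anonymous
        # requestor grants no 'auth' right, so every simple bind fails with err=49
        # whether or not the password is correct.
        return "acl_denies_auth"
    if info["result_code"] == 49:
        # 'auth' was permitted, so the credentials really did not match: wrong
        # password, wrong DN, or a userPassword stored in a scheme slapd cannot verify.
        return "credentials_rejected"
    return "unknown"


def summarize(trace):
    """Human-readable one-screen summary of the bind decision."""
    info = parse_bind_trace(trace)
    name = RESULT_NAMES.get(info["result_code"], str(info["result_code"]))
    return "\n".join([
        f"bind as   : {info['bind_dn']}",
        f"ACL check : {info['access_wanted']} access to {info['attr']} by {info['requestor']}",
        f"clauses   : {', '.join(info['clauses_checked']) or '(none)'}",
        f"applied   : [{info['applied_clause']}] {info['applied_level']}",
        f"result    : err={info['result_code']} ({name})",
        f"verdict   : {diagnose(info)}",
    ])


if __name__ == "__main__":
    print(summarize(SAMPLE_TRACE_DENIED))
    print()
    print(summarize(SAMPLE_TRACE_OK))
```

On the trace from the post the verdict is `acl_denies_auth`. The standard remedy on the OpenLDAP side is an ACL for the password attribute that grants the bind operation the `auth` right without exposing hashes to reads, of the form `access to attrs=userPassword by self write by anonymous auth by * none`, placed before any catch-all rule so it is the clause that matches. Two further points a practitioner would check: squid_ldap_auth here is given an admin DN and password with `-D`/`-w` but no `-f` filter, so the bind DN is built directly from the typed username (as the trace confirms), and the admin credentials in squid.conf should be a read-only search account rather than the directory root; and a `slapd -d 255` trace dumps the raw BER payload, so the user's cleartext bind password is present in hex in such a log, which makes the trace itself sensitive material that should not be pasted or stored unredacted.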