But the authentication isn't running; the browser using squid proxy keeps asking me for username and password. Suspecting that the webGUI could be making some mistake in squid config file, I started editing its parameters manually. Right now, the ldap authentication line in my squid.conf looks like this:
I opened slapd in debug mode (slapd -d 255) in my openldap debian-powered VM, and this is the text shown when I try to authenticate in my browser:
daemon: activity on 1 descriptor
daemon: activity on:
slap_listener_activate(8):
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 busy
>>> slap_listener(ldap:///)
daemon: listen=8, new connection on 13
daemon: added 13r (active) listener=(nil)
daemon: activity on 2 descriptors
daemon: activity on: 13r
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
daemon: activity on 1 descriptor
daemon: activity on: 13r
daemon: read active on 13
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
connection_get(13)
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
ber_get_next
ldap_read: want=8, got=8
0000: 30 34 02 01 01 60 2f 02 04...`/.
ldap_read: want=46, got=46
0000: 01 03 04 20 75 69 64 3d 6c 61 6d 70 73 2c 6f 75 ... uid=lamps,ou
0010: 3d 75 73 75 61 72 69 6f 73 2c 64 63 3d 70 69 73 =usuarios,dc=pis
0020: 6f 6c 61 72 80 08 6c 34 77 64 30 67 67 30 olar..userpassword
ber_get_next: tag 0x30 len 52 contents:
ber_dump: buf=0xa0598a0 ptr=0xa0598a0 end=0xa0598d4 len=52
0000: 02 01 01 60 2f 02 01 03 04 20 75 69 64 3d 6c 61 ...`/.... uid=la
0010: 6d 70 73 2c 6f 75 3d 75 73 75 61 72 69 6f 73 2c mps,ou=usuarios,
0020: 64 63 3d 70 69 73 6f 6c 61 72 80 08 6c 34 77 64 dc=pisolar..userpass
0030: 30 67 67 30 word
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
conn=0 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0xa0598a0 ptr=0xa0598a3 end=0xa0598d4 len=49
0000: 60 2f 02 01 03 04 20 75 69 64 3d 6c 61 6d 70 73 `/.... uid=lamps
0010: 2c 6f 75 3d 75 73 75 61 72 69 6f 73 2c 64 63 3d ,ou=usuarios,dc=
0020: 70 69 73 6f 6c 61 72 80 08 6c 34 77 64 30 67 67 pisolar..userpasswor
0030: 30 d
ber_scanf fmt (m}) ber:
ber_dump: buf=0xa0598a0 ptr=0xa0598ca end=0xa0598d4 len=10
0000: 00 08 6c 34 77 64 30 67 67 30 ..userpassword
>>> dnPrettyNormal: <uid=lamps,ou=usuarios,dc=pisolar>
=> ldap_bv2dn(uid=lamps,ou=usuarios,dc=pisolar,0)
<= ldap_bv2dn(uid=lamps,ou=usuarios,dc=pisolar)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=lamps,ou=usuarios,dc=pisolar)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=lamps,ou=usuarios,dc=pisolar)=0
<<< dnPrettyNormal: <uid=lamps,ou=usuarios,dc=pisolar>, <uid=lamps,ou=usuarios,dc=pisolar>
do_bind: version=3 dn="uid=lamps,ou=usuarios,dc=pisolar" method=128
==> bdb_bind: dn: uid=lamps,ou=usuarios,dc=pisolar
bdb_dn2entry("uid=lamps,ou=usuarios,dc=pisolar")
=> bdb_dn2id("dc=pisolar")
<= bdb_dn2id: got id=0x1
=> bdb_dn2id("ou=usuarios,dc=pisolar")
<= bdb_dn2id: got id=0xb
=> bdb_dn2id("uid=lamps,ou=usuarios,dc=pisolar")
<= bdb_dn2id: got id=0x10
entry_decode: "uid=lamps,ou=usuarios,dc=pisolar"
<= entry_decode(uid=lamps,ou=usuarios,dc=pisolar)
=> access_allowed: auth access to "uid=lamps,ou=usuarios,dc=pisolar" "userPassword" requested
=> acl_get: [1] attr userPassword
=> slap_access_allowed: result not in cache (userPassword)
=> acl_mask: access to entry "uid=lamps,ou=usuarios,dc=pisolar", attr "userPassword" requested
=> acl_mask: to value by "", (=0)
<= check a_dn_pat: cn=admin,dc=pisolar
<= check a_dn_pat: anonymous
<= acl_mask: [2] applying none(=0) (stop)
<= acl_mask: [2] mask: none(=0)
=> slap_access_allowed: auth access denied by none(=0)
=> access_allowed: no more rules
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: err=49 matched="" text=""
send_ldap_response: msgid=1 tag=97 err=49
ber_flush2: 14 bytes to sd 13
0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 0....a...1....
ldap_write: want=14, written=14
0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 0....a...1....
daemon: activity on 1 descriptor
daemon: activity on: 13r
daemon: read active on 13
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
connection_get(13)
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
ber_get_next
ldap_read: want=8, got=7
0000: 30 05 02 01 02 42 00 0....B.
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf=0xa0039c0 ptr=0xa0039c0 end=0xa0039c5 len=5
0000: 02 01 02 42 00 ...B.
ber_get_next
ldap_read: want=8, got=0
ber_get_next on fd 13 failed errno=0 (Success)
connection_read(13): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=13 for close
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
connection_close: deferring conn=0 sd=13
conn=0 op=1 do_unbind
connection_resched: attempting closing conn=0 sd=13
connection_close: conn=0 sd=13
daemon: removing 13
daemon: activity on 1 descriptor
daemon: activity on:
slap_listener_activate(8):
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 busy
>>> slap_listener(ldap:///)
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
I tried to set a lot of different config syntaxes at squid.conf, but it always comes to the same kind of problem at slapd debug: after reading the user CN and his password, slapd fails to read something else (ldap_read: want=8 error=Resource temporarily unavailable) and then it doesn't authenticate.
What am I doing wrong? Is there any problem with my openldap server? With squid? =(
I'd like to thank you all in advance for any support, and say sorry for my broken English. =D
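An added example, not part of the original post: a small Python parser that pulls the bind DN, the ACL evaluation and the LDAP result code out of a `slapd -d` trace like the one above, so the lines that decide the outcome are not lost among the connection and BER output. The function name `summarize_binds` and the dictionary field names are hypothetical; the sample lines are copied from the trace in the post.

```python
import re

# LDAP result codes (RFC 4511) that commonly end a bind attempt.
RESULT_NAMES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
                50: "insufficientAccessRights"}
# slapd prints the bind method as the BER tag of the credentials (0x80, 0xa3).
BIND_METHODS = {128: "simple", 163: "sasl"}
BIND_RE = re.compile(r'do_bind: version=(\d+) dn="([^"]*)" method=(\d+)')
REQ_RE = re.compile(r'=> access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested')
MASK_RE = re.compile(r'<= acl_mask: \[(\d+)\] applying (\S+)')
DENY_RE = re.compile(r'=> slap_access_allowed: (\w+) access denied by (\S+)')
RES_RE = re.compile(r'send_ldap_result: err=(\d+)')

# Excerpt copied from the trace in the post (BER dumps left out).
SAMPLE = '''\
conn=0 op=0 do_bind
do_bind: version=3 dn="uid=lamps,ou=usuarios,dc=pisolar" method=128
=> access_allowed: auth access to "uid=lamps,ou=usuarios,dc=pisolar" "userPassword" requested
=> acl_get: [1] attr userPassword
<= check a_dn_pat: anonymous
<= acl_mask: [2] applying none(=0) (stop)
=> slap_access_allowed: auth access denied by none(=0)
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: err=49 matched="" text=""
'''

def summarize_binds(lines):
    """Return one dict per bind attempt found in a slapd debug trace."""
    attempts, cur = [], None
    for line in lines:
        line = line.strip()
        if m := BIND_RE.search(line):
            cur = {"dn": m[2], "version": int(m[1]),
                   "method": BIND_METHODS.get(int(m[3]), m[3]),
                   "acl_checks": [], "denied_by": None, "result": None}
            attempts.append(cur)
        elif cur is None:
            continue  # ignore everything outside a bind operation
        elif m := REQ_RE.search(line):
            cur["acl_checks"].append({"level": m[1], "attr": m[3], "mask_index": None, "mask": None})
        elif (m := MASK_RE.search(line)) and cur["acl_checks"]:
            # bracketed index exactly as printed on the acl_mask line
            cur["acl_checks"][-1].update(mask_index=int(m[1]), mask=m[2])
        elif m := DENY_RE.search(line):
            cur["denied_by"] = m[2]
        elif m := RES_RE.search(line):
            code = int(m[1])
            cur["result"] = (code, RESULT_NAMES.get(code, "other"))
            cur = None  # the result line closes this bind attempt
    return attempts
if __name__ == "__main__": print(summarize_binds(SAMPLE.splitlines()))
```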