Please keep discussion on the mailing list.
On Tue, 20 Sep 2005, nattapon viroonsri wrote:
> > is there any warnings in cache.log?
> >
> Could not Activate TLS connection
> 2005/09/19 15:05:07| WARNING: basicauthenticator #1 (FD 6) exited
And you are absolutely sure it works when running squid_ldap_auth from the
command line?
The reason I ask is because the TLS support in squid_ldap_auth in
2.5.STABLE10 is known to be broken, always reporting this error.
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-LDAP_TLS
> From testing: if I remove $HOME/ldaprc and then run squid_ldap_auth from
> the command line, the LDAP server says that it cannot verify the client
> certificate. If I restore $HOME/ldaprc, squid_ldap_auth knows where to get
> the client certificate to send to the LDAP server, so it can authenticate
> successfully.
>
> It looks like squid_ldap_auth has no built-in LDAP client, so it uses the
> same config as the "ldapsearch" utility ($HOME/ldaprc)?
squid_ldap_auth uses the OpenLDAP C-API, in much the same manner as
the OpenLDAP tools (ldapsearch etc).
Ah.. here is a hint. You placed .ldaprc in $HOME. Quite likely the
environment variable $HOME is not what you expect when Squid is running as
a daemon. Try specifying the same in /etc/ldap.conf instead. Alternatively
you can try using the following small wrapper script around
squid_ldap_auth, making sure $HOME is set properly:
#!/bin/sh
HOME=/home/squid
export HOME
exec /path/to/squid_ldap_auth "$@"
(change /home/squid to the home of your cache_effective_user)
Regards
Henrik
Received on Tue Sep 20 2005 - 10:12:57 MDT
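
Added example, not part of the original message or of Squid: a diagnostic sketch that checks whether a given HOME contains a per-user OpenLDAP client config (ldaprc or .ldaprc, the per-user files described in ldap.conf(5)) that sets a client certificate and key. The function names are hypothetical, and the sketch ignores the LDAPCONF/LDAPRC environment overrides and an ldaprc in the current working directory.

```shell
#!/bin/sh
# Added diagnostic sketch. Run it as the cache_effective_user, with the same
# environment the helper gets, to see what the OpenLDAP client library would
# find under HOME.

# user_ldaprc_files HOME_DIR
# Prints each readable per-user config file, one per line; returns 1 if none.
user_ldaprc_files() {
    home_dir=$1
    found=1
    for name in ldaprc .ldaprc; do
        if [ -n "$home_dir" ] && [ -f "$home_dir/$name" ] && [ -r "$home_dir/$name" ]; then
            printf '%s\n' "$home_dir/$name"
            found=0
        fi
    done
    return $found
}

# has_client_cert FILE
# Returns 0 if FILE sets both TLS_CERT and TLS_KEY (keyword at line start,
# matched case-insensitively). TLS_CACERT does not match either pattern.
has_client_cert() {
    grep -Eiq '^TLS_CERT[[:space:]]+[^[:space:]]' "$1" &&
    grep -Eiq '^TLS_KEY[[:space:]]+[^[:space:]]' "$1"
}

# check_helper_home HOME_DIR
# Returns 0 if a per-user file under HOME_DIR configures a client certificate.
check_helper_home() {
    files=$(user_ldaprc_files "$1") || {
        echo "no readable ldaprc or .ldaprc under '$1'"
        return 1
    }
    for f in $files; do   # paths containing whitespace are not handled
        if has_client_cert "$f"; then
            echo "client certificate configured in $f"
            return 0
        fi
    done
    echo "per-user config found under '$1' but no TLS_CERT/TLS_KEY pair"
    return 1
}

# Report on the HOME this process inherited (empty if HOME is unset).
check_helper_home "${HOME:-}" || true
```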