0000921: Active Directory And Squid Problem - MantisBT Endian Bugtracker
Endian Issue Tracker





ID: 0000921
Project: Endian Firewall
Category: Application Level Proxies
View Status: public
Date Submitted: 2008-06-06 18:38
Last Update: 2008-09-10 15:44
Reporter: danielgines
Assigned To: simon-endian
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 2.2-rc1
Target Version: 2.2-rc3
Fixed in Version: 2.2-rc2
Summary: 0000921: Active Directory And Squid Problem
Description:

I was trying to authenticate Endian Squid users against an Active Directory,
but after some tests, I figured out that Endian wrote a wrong squid.conf file
for my AD.

First, Endian is missing "-v 3" when used with the "Active Directory" LDAP option.

Second, Endian is always missing the first LDAP level after the AD BaseDN, for
example:

I have:
memberOf=cn=Internet,CN=Users,DC=teste,DC=com

But Endian writes a squid.conf like this:
memberOf=cn=Internet,DC=teste,DC=com

Again I have:
memberOf=CN=Administradores,CN=Builtin,DC=teste,DC=com

But Endian writes a squid.conf like this:
memberOf=cn=Administradores,DC=teste,DC=com

Additional Information:

Here is my diff between the squid.conf generated by Endian and my squid.conf that
finally works against my Active Directory:

root@efw:/etc/squid # diff -Nru squid.conf squid.conf-OK
--- squid.conf 2008-06-04 21:03:38.000000000 -0300
+++ squid.conf-OK 2008-06-04 20:29:06.000000000 -0300
@@ -63,16 +63,16 @@

 # START AUTHENTICATION
 # METHOD is LDAP
-auth_param basic program /usr/lib/squid/squid_ldap_auth -b "DC=teste,DC=com" -d -D "CN=Administrador,CN=Users,DC=teste,DC=com" -w "PASSWORD" -f "(&(&(objectClass=person)(sAMAccountName=%s))(|(memberOf=cn=Administradores,DC=teste,DC=com)(memberOf=cn=Internet,DC=teste,DC=com)))" -u sAMAccountName -P 192.168.0.200:389
+auth_param basic program /usr/lib/squid/squid_ldap_auth -v 3 -b "DC=teste,DC=com" -d -D "CN=Administrador,CN=Users,DC=teste,DC=com" -w "PASSWORD" -f "(&(&(objectClass=person)(sAMAccountName=%s))(|(memberOf=cn=Administradores,DC=teste,DC=com)(memberOf=cn=Internet,CN=Users,DC=teste,DC=com)))" -u sAMAccountName -P 192.168.0.200:389
 auth_param basic children 20
 auth_param basic realm Endian Advanced Proxy Server
 auth_param basic credentialsttl 60 minutes

-external_acl_type ldap_group ttl=300 %LOGIN /usr/lib/squid/squid_ldap_group -b "DC=teste,DC=com" -d -D "CN=Administrador,CN=Users,DC=teste,DC=com" -w "PASSWORD" -f "(&(&(objectClass=person)(sAMAccountName=%u))(memberOf=%g))" -P 192.168.0.200:389
+external_acl_type ldap_group ttl=300 %LOGIN /usr/lib/squid/squid_ldap_group -v 3 -b "DC=teste,DC=com" -d -D "CN=Administrador,CN=Users,DC=teste,DC=com"-w "PASSWORD" -f "(&(&(objectClass=person)(sAMAccountName=%u))(memberOf=%g))" -P 192.168.0.200:389


-acl for_group1_users external ldap_group cn=Administradores,DC=teste,DC=com
-acl for_group3_users external ldap_group cn=Internet,DC=teste,DC=com
+acl for_group1_users external ldap_group cn=Administradores,CN=Builtin,DC=teste,DC=com
+acl for_group3_users external ldap_group cn=Internet,CN=Users,DC=teste,DC=com
 acl for_inetusers proxy_auth REQUIRED
 # END AUTHENTICATION
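
Review bot: In the "+" auth_param basic program line the filter still contains memberOf=cn=Administradores,DC=teste,DC=com without CN=Builtin, while the "+" acl for_group1_users line now uses cn=Administradores,CN=Builtin,DC=teste,DC=com; both should name the same DN, otherwise a user who is only in Administradores never matches the authentication filter. The "+" external_acl_type line also has no space between the closing quote of the -D value and -w, which looks like a paste slip and should be restored. Separately, both helpers bind as the domain Administrador account with the password given via -w in squid.conf and connect to port 389; a dedicated low-privilege bind account would limit the exposure if this file is read.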


As all of you can see, Endian is missing "CN=Builtin", "CN=Users" and "-v 3"
from the configuration. I guess it's a problem with the ldap_enabled_groups variable.
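
A lint for the faults described in the report above (missing "-v 3", group DNs that lost their container, filter and acl group lists that disagree), added here as an example; it is not Endian's code or part of the original report. The sample configuration is constructed, with a placeholder domain, bind account and password, and the function names are hypothetical; DNs containing escaped commas are not handled.

```python
import re
import shlex

HELPERS = ("squid_ldap_auth", "squid_ldap_group")

def opt(tokens, flag):
    return tokens[tokens.index(flag) + 1] if flag in tokens[:-1] else None

def norm(dn):  # case-fold and trim each RDN so DNs compare reliably
    return ",".join(part.strip().lower() for part in dn.split(","))

def lint_squid_ldap(conf):
    findings, filter_dns, acl_dns, base = [], set(), set(), None
    for line in conf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        tokens = shlex.split(line)
        helper = next((t for t in tokens if t.endswith(HELPERS)), None)
        if helper:
            if opt(tokens, "-v") != "3":
                findings.append(f"{helper.rsplit('/', 1)[-1]}: missing -v 3")
            base = norm(opt(tokens, "-b") or "") or base
            # Literal group DNs in the filter; %g is filled in per acl, so skip it.
            filter_dns |= {norm(d) for d in re.findall(r"memberOf=([^)%]+)\)", opt(tokens, "-f") or "")}
        elif tokens[:1] == ["acl"] and tokens[2:4] == ["external", "ldap_group"]:
            acl_dns.add(norm(" ".join(tokens[4:])))
    for dn in sorted(filter_dns | acl_dns):
        # Heuristic: a group whose parent is the base DN probably lost its container.
        if base and dn.split(",", 1)[1:] == [base]:
            findings.append(f"{dn}: group sits directly under base DN")
    for dn in sorted(filter_dns ^ acl_dns):
        findings.append(f"{dn}: filter and acl group lists disagree")
    return findings

def sample(extra, internet, admins):
    """Constructed squid.conf fragment; domain, bind DN and password are placeholders."""
    common = '-b "DC=example,DC=test" -D "CN=svc,CN=Users,DC=example,DC=test" -w "PLACEHOLDER"'
    return (
        f'auth_param basic program /usr/lib/squid/squid_ldap_auth {extra} {common} '
        f'-f "(&(sAMAccountName=%s)(|(memberOf={admins})(memberOf={internet})))" -u sAMAccountName\n'
        f'external_acl_type ldap_group ttl=300 %LOGIN /usr/lib/squid/squid_ldap_group {extra} {common} '
        f'-f "(&(sAMAccountName=%u)(memberOf=%g))"\n'
        f'acl for_group1_users external ldap_group {admins}\n'
        f'acl for_group3_users external ldap_group {internet}\n'
    )

GENERATED = sample("", "cn=Internet,DC=example,DC=test", "cn=Administradores,DC=example,DC=test")
WORKING = sample("-v 3", "cn=Internet,CN=Users,DC=example,DC=test",
                 "cn=Administradores,CN=Builtin,DC=example,DC=test")
if __name__ == "__main__":
    print(lint_squid_ldap(GENERATED), lint_squid_ldap(WORKING))
```

The container check is a heuristic: a group can legitimately sit directly under the base DN, so treat that finding as a prompt to compare against the directory rather than as proof of a fault.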
Notes

(0001318) Anonymous (viewer), 2008-06-16 14:45

Where is the patch?
Thanks.

(0001431) simon-endian (developer), 2008-07-10 09:04

It will be included in the 2.2 rc2.
Issue History
Date Modified Username Field Change
2008-06-06 18:38 danielgines New Issue
2008-06-06 18:55 peter-endian Assigned To => simon-endian
2008-06-06 18:55 peter-endian Status new => assigned
2008-06-06 18:55 peter-endian Target Version => 2.2
2008-06-12 13:23 simon-endian Status assigned => resolved
2008-06-12 13:23 simon-endian Fixed in Version => 2.2
2008-06-12 13:23 simon-endian Resolution open => fixed
2008-06-16 14:45 Anonymous Status resolved => feedback
2008-06-16 14:45 Anonymous Resolution fixed => reopened
2008-06-16 14:45 Anonymous Note Added: 0001318
2008-07-10 09:04 simon-endian Note Added: 0001431
2008-07-10 09:04 simon-endian Status feedback => closed
2008-07-10 09:04 simon-endian Resolution reopened => fixed
2008-07-10 09:04 simon-endian Fixed in Version 2.2 => 2.2-rc2
2008-09-10 15:44 chris-endian Target Version 2.2 => 2.2-rc3
