squid_ldap_auth and SSL on Novell eDirectory
~matteo
05-24-07 06:14 PM

Hi all,

I need Squid to authenticate users against a Novell eDirectory 8. I'd
like to use SSL encryption between Squid and the LDAP tree, thus I
guess I need to use the helper squid_ldap_auth. Although I've read a
lot of threads about this topic I haven't gotten very far with the
current implementation of the helper.

I'm using Squid 2.6.STABLE12 on Gentoo. In the squid.conf file I have

auth_param basic program /usr/libexec/squid/squid_ldap_auth -b "o=myroot" -f "(&(objectClass=person)(cn=%s)(groupMembership=cn=Internet,ou=CommonGroups,o=myroot))" -u cn -P ldaps://horus

where horus is the Novell machine with the LDAP tree (horus is DNS-
mapped, actually that machine is THE dns server). This solution
doesn't work, as I keep getting a "Can't contact LDAP server" error
message in the /var/log/squid/cache.log logfile. Switching to horus'
IP address doesn't change anything. The solution I found is using
squid_ldap_auth without ssl encryption with stunnel on the squid
machine, listening on the unencrypted ldap port and sending encrypted
data to the horus encrypted ldap port (636). This works!

Now I want to do the same on an IpCop 1.4.15 box, as I'd like to have
firewall + proxy + content filter on the same machine. I installed the
advanced proxy addon for IpCop, which installs the very same Squid
version (2.6.STABLE12). Now the problem is that I cannot install
stunnel on IpCop, as there's no addon for it nor does it have gcc.

Now the question is: is there any squid-only solution to this problem
(avoiding stunnel usage)? Why do I keep getting error messages when
specifying ldap URIs as ldaps:// ?

Thanks in advance

--
~matteo
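
The stunnel workaround described in the post above, written out as a client-mode stunnel.conf. This is an added example, not part of the original post and not the poster's actual configuration. The service name, the loopback bind address, port 389 as the unencrypted LDAP port and the CA file path are assumptions; horus and port 636 come from the post.

```ini
; Added example (constructed): stunnel in client mode wrapping plain LDAP
; from squid_ldap_auth into SSL towards the eDirectory server.

; Act as an SSL client: accept cleartext locally, speak SSL to the server.
client = yes

; Service name is arbitrary (assumption).
[ldap-to-horus]

; Cleartext leg. Binding to loopback instead of all interfaces keeps the
; unencrypted LDAP traffic, including the users' passwords, on the
; Squid machine itself.
accept = 127.0.0.1:389

; Encrypted leg to the LDAPS port of the eDirectory host named in the post.
connect = horus:636

; Weak variant: with the two lines below left out, stunnel encrypts the
; session but accepts whatever certificate the peer presents, so the
; tunnel does not prove that the other end is really horus.
;
; Hardened variant: require a server certificate that chains to the CA
; which signed the eDirectory LDAP certificate.
verify = 2

; Placeholder path (assumption): the tree's CA certificate in PEM format.
CAfile = /etc/stunnel/edirectory-ca.pem
```

With this running, squid_ldap_auth is pointed at 127.0.0.1 on the plain LDAP port, with the same -b, -f and -u options as in the post, and stunnel carries the traffic to horus over SSL.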