Bug #10422

closed

Squid LDAP auth must use LDAPURI option

Added by Viktor Gurov about 4 years ago. Updated about 4 years ago.

Status: Resolved
Priority: Normal
Category: Squid
Target version: -
Start date: 04/03/2020
% Done: 100%

Description

basic_ldap_auth must use the LDAPURI option (-H) to successfully connect using ldaps.
See https://forum.netgate.com/topic/147981/does-squid-support-2020-ldap-channel-binding/16

Usage: basic_ldap_auth -b basedn [options] [ldap_server_name[:port]]...
        ...
    -H URI            LDAPURI (defaults to ldap://localhost)

See also https://forum.netgate.com/topic/145578/ldaps-ad-bind/24

Actions #1

Updated by Viktor Gurov about 4 years ago

Fix:
https://github.com/pfsense/FreeBSD-ports/pull/823

This PR also changes the STARTTLS -Z option to -ZZ;
it's used in all documentation and in ldapsearch --help:

-Z         Start TLS request (-ZZ to require successful response

Tested with LDAP and LDAPS connections on pfSense 2.4.5/2.5
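
An added example, not part of the ticket or the pfSense package code: a small Python audit that classifies the LDAP transport of each basic_ldap_auth helper line in a squid.conf, based on the -H and -Z/-ZZ options discussed above. The helper path, hostnames, DNs and sample lines are constructed placeholders, and treating port 636 without -H ldaps:// as misconfigured is an assumption drawn from the ticket's statement that ldaps needs -H.

```python
import shlex
from urllib.parse import urlsplit

# Constructed squid.conf lines; helper path, hosts and DNs are placeholders.
HELPER = "/usr/local/libexec/squid/basic_ldap_auth -v 3 -b dc=example,dc=test -f uid=%s"
SAMPLE_CONF = "\n".join([
    f"auth_param basic program {HELPER} dc1.example.test:636",
    f"auth_param basic program {HELPER} -H ldaps://dc1.example.test",
    f"auth_param basic program {HELPER} -ZZ -H ldap://dc1.example.test",
    f"auth_param basic program {HELPER} -H ldap://dc1.example.test",
    "auth_param basic realm proxy",
])


def classify(line):
    """Return (transport, note) for a basic_ldap_auth line, else None."""
    args = shlex.split(line)
    if args[:3] != ["auth_param", "basic", "program"] or len(args) < 4:
        return None
    if not args[3].endswith("basic_ldap_auth"):
        return None
    opts = args[4:]
    uri, starttls, port636 = None, False, False
    for i, tok in enumerate(opts):
        nxt = opts[i + 1] if i + 1 < len(opts) else ""
        if tok == "-H":
            uri = nxt  # LDAPURI, e.g. ldaps://host
        elif tok in ("-Z", "-ZZ"):
            starttls = True
        elif tok.endswith(":636") or (tok == "-p" and nxt == "636"):
            port636 = True  # LDAPS port named in a server argument or via -p
    scheme = urlsplit(uri).scheme.lower() if uri else ""
    if scheme == "ldaps":
        return ("ldaps", "TLS from the first byte via -H ldaps://")
    if starttls:
        return ("starttls", "StartTLS requested on an ldap:// connection")
    if port636:
        return ("misconfigured", "port 636 without -H ldaps://; the ticket says ldaps needs -H")
    return ("cleartext", "no TLS option: bind credentials are sent unencrypted")


def audit(conf_text):
    """Transport verdict for every basic_ldap_auth line in a squid.conf text."""
    verdicts = (classify(line) for line in conf_text.splitlines())
    return [v[0] for v in verdicts if v]


if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```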

Actions #2

Updated by Renato Botelho about 4 years ago

  • Status changed from New to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

Actions #3

Updated by Viktor Gurov about 4 years ago

I upgraded squid to 0.4.44_18 on 2.4.5/2.5 but can't see this code

Actions #4

Updated by Viktor Gurov about 4 years ago

  • Status changed from Feedback to Resolved

works as expected on 2.4.5 with squid 0.4.44_19
