Bug #10422

Squid LDAP auth must use LDAPURI option

Added by Viktor Gurov 2 months ago. Updated about 2 months ago.

Status: Resolved
Priority: Normal
Category: Squid
Target version: -
Start date: 04/03/2020
Due date:
% Done: 100%
Estimated time:
Affected Version:
Affected Architecture:

Description

basic_ldap_auth must use the LDAPURI option (-H) to connect successfully using ldaps.
See https://forum.netgate.com/topic/147981/does-squid-support-2020-ldap-channel-binding/16

Usage: basic_ldap_auth -b basedn [options] [ldap_server_name[:port]]...
        ...
    -H URI            LDAPURI (defaults to ldap://localhost)

See also https://forum.netgate.com/topic/145578/ldaps-ad-bind/24

History

#1 Updated by Viktor Gurov 2 months ago

Fix:
https://github.com/pfsense/FreeBSD-ports/pull/823

This PR also changes the STARTTLS -Z option to -ZZ;
it's used in all documentation and in ldapsearch --help:

-Z         Start TLS request (-ZZ to require successful response

Tested with LDAP and LDAPS connections on pfSense 2.4.5/2.5

#2 Updated by Renato Botelho 2 months ago

  • Status changed from New to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

#3 Updated by Viktor Gurov about 2 months ago

I upgraded squid to 0.4.44_18 on 2.4.5/2.5 but can't see this code

#4 Updated by Viktor Gurov about 2 months ago

  • Status changed from Feedback to Resolved

works as expected on 2.4.5 with squid 0.4.44_19
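
Added example, not part of the ticket or of the pfSense package code: a Python check that reads one Squid `auth_param basic program` line and flags the two things this ticket changed, an LDAPS server passed only as positional `host:port` with no `-H ldaps://` URI, and STARTTLS requested with `-Z` instead of `-ZZ`. The helper path, base DN, host names and finding codes are constructed, and treating port 636 as a sign that LDAPS is intended is an assumption.

```python
import shlex

LDAPS_PORT = "636"  # assumption: a server given on port 636 means LDAPS is intended


def audit_ldap_helper(conf_line):
    """Return (code, detail) findings for one basic_ldap_auth command line."""
    tokens = shlex.split(conf_line)
    helper = next((i for i, t in enumerate(tokens)
                   if t.rsplit("/", 1)[-1] == "basic_ldap_auth"), None)
    if helper is None:
        return []  # not an LDAP helper line, nothing to check

    uri, tls_flags, port_servers, prev = None, [], [], ""
    for arg in tokens[helper + 1:]:
        if prev == "-H":                              # "-H URI"
            uri = arg
        elif arg.startswith("-H") and len(arg) > 2:   # "-HURI"
            uri = arg[2:]
        elif arg in ("-Z", "-ZZ"):
            tls_flags.append(arg)
        elif not arg.startswith("-") and arg.endswith(":" + LDAPS_PORT):
            port_servers.append(arg)                  # positional ldap_server_name:port
        prev = arg

    findings = []
    uses_ldaps_uri = uri is not None and uri.lower().startswith("ldaps://")
    if port_servers and not uses_ldaps_uri:
        findings.append(("LDAPS_WITHOUT_URI", " ".join(port_servers)))
    if "-Z" in tls_flags:
        findings.append(("STARTTLS_SINGLE_Z", "-Z"))
    return findings


# Constructed sample lines (helper path, base DN and host names are made up).
HELPER = "auth_param basic program /usr/local/libexec/squid/basic_ldap_auth"
SAMPLES = {
    "ldaps, host:port only": HELPER + ' -v 3 -b "dc=example,dc=com" dc1.example.com:636',
    "ldaps, -H URI": HELPER + ' -v 3 -b "dc=example,dc=com" -H ldaps://dc1.example.com:636',
    "starttls, -Z": HELPER + ' -v 3 -b "dc=example,dc=com" -Z dc1.example.com:389',
    "starttls, -ZZ": HELPER + ' -v 3 -b "dc=example,dc=com" -ZZ dc1.example.com:389',
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(f"{name}: {audit_ldap_helper(line) or 'ok'}")
```

The check only looks at `-H`, `-Z`/`-ZZ` and server tokens ending in `:636`; it does not validate the other helper options.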
