Bug #2966
closed
Squid3 : LDAPS authentication : using hostname and not IP address
Description
Hello, I think I found a bug.
I've installed and configured my pfsense to use LDAP over SSL. All was working fine before installing the squid3 package. (I can use an account of my active directory to log in to the pfsense webconfigurator).
If I install squid3 and start it, my pfsense authentication using LDAP over SSL doesn't work any more (the auth for accessing the webConfigurator) and I get logs such as:
php: /system_authservers.php: ERROR! ldap_get_groups() could not bind to server <name of my ldaps server>.
php: /system_authservers.php: LDAP: Could not lookup CA by reference for host XXXXXXXX.
The log "ldap_get_groups() could not bind to server <name of my ldaps server>" comes with many other php files.
I spent many hours trying to reinstall the squid or squid3 package. (All is fine with squid.)
The fact is:
In my LDAP server configuration, I had the IP address of my LDAP server (in the field Hostname or IP address). When I changed it to the hostname of my LDAP server, all was OK. So you mustn't put the IP address of an LDAP server if you are using squid3 and LDAP over SSL.
It's immediate when I try: if I put the IP address and I click on the select button (of the Authentication containers field), I get an error (Could not connect to the LDAP server. Please check your LDAP configuration). If I put the hostname, I get my groups.
Could you fix this?
Updated by Kill Bill about 10 years ago
This is not a bug. If you want to use SSL with IPs, you need to put the IPs into the certificate. (Obviously a bad practice).
Updated by Chris Buechler about 10 years ago
- Status changed from New to Not a Bug
- Affected Version deleted (2.0.x)
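
Added example, not from this thread and not pfSense or Squid code: the name check a TLS client applies to a server certificate, showing why an IP address in the "Hostname or IP address" field fails when the certificate lists only DNS names. The certificate dicts are constructed samples in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the host name and addresses are placeholders.

```python
import ipaddress

def _is_ip(host):
    """True if the configured host is an IP literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        # The wildcard covers exactly one label.
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def host_matches_cert(host, cert):
    """Return (ok, reason) for the host string configured on the client."""
    sans = cert.get("subjectAltName", ())
    if _is_ip(host):
        # An IP literal is compared only with IP Address entries, never DNS names.
        want = ipaddress.ip_address(host)
        ips = [ipaddress.ip_address(v) for t, v in sans if t == "IP Address"]
        if want in ips:
            return True, "matched IP Address SAN"
        return False, "host is an IP literal but no IP Address SAN lists it"
    names = [v for t, v in sans if t == "DNS"]
    if any(_dns_match(n, host) for n in names):
        return True, "matched DNS SAN"
    return False, "no DNS SAN matches the hostname"

# Constructed sample certificates (placeholder name and documentation-range IP).
CERT_DNS_ONLY = {"subjectAltName": (("DNS", "dc01.corp.example.test"),)}
CERT_WITH_IP = {"subjectAltName": (("DNS", "dc01.corp.example.test"),
                                   ("IP Address", "192.0.2.10"))}

if __name__ == "__main__":
    for host in ("dc01.corp.example.test", "192.0.2.10"):
        for label, cert in (("DNS-only cert", CERT_DNS_ONLY),
                            ("cert with IP SAN", CERT_WITH_IP)):
            print(host, "|", label, "|", host_matches_cert(host, cert))
```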