Bug 37752 – Squid only uses ldap/server/name for auth

Bug 37752 - Squid only uses ldap/server/name for auth


Summary:	Squid only uses ldap/server/name for auth

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Squid
Version:	UCS 4.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.0-1-errata
Assigned To:	Philipp Hahn
QA Contact:	Janek Walkenhorst

URL:
Keywords:

Duplicates:	32294 (view as bug list)
Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2015-02-10 15:10 CET by Tim Petersen
Modified:	2015-05-18 08:38 CEST (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tim Petersen

2015-02-10 15:10:23 CET

2015020621000525: ldap/server/addition should be used somehow - in the current behaviour, proxy auth is not possible if the master is not reachable.

Comment 1 Philipp Hahn

2015-03-13 17:57:07 CET

r58968 | Bug #37752 Squid: Copyright 2015
r58967 | Bug #37752 Squid: Support ldap/server/addition
 squid3-3.1.20/helpers/basic_auth/LDAP/squid_ldap_auth.c:open_ldap_connection() uses ldap_initialize() if the arguments contain "://", which allows a comma or space separated list of LDAP servers to be specified.

Package: univention-squid
Version: 8.0.2-2.224.201503131731
Branch: ucs_4.0-0
Scope: errata4.0-1

r58969 | Bug #37752 Squid: Support ldap/server/addition YAML
 2015-03-13-univention-squid.yaml

QA:
ucr set squid/basicauth=yes ldap/server/addition="$(ucr get ldap/master) localhost"
univention-install univention-squid strace
strace -e connect \
/usr/lib/squid3/squid_ldap_auth \
-b "$(ucr get ldap/base)" \
-D "$(ucr get ldap/hostdn)" \
-W /etc/squid3.secret \
-s sub \
-f '(&(objectClass=organizationalPerson)(uid=%s))' \
-d \
"ldap://$(ucr get ldap/server/name):9" "ldap://$(ucr get ldap/server/name):$(ucr get ldap/server/port)" <<<'Administrator univention'

http_proxy=http://Administrator:univention@localhost:3128 \
wget -d -O/dev/null http://www.univention.de/

Comment 2 Janek Walkenhorst

2015-03-24 12:26:11 CET

Tests: OK
Code review: OK
Advisory: OK

Comment 3 Janek Walkenhorst

2015-03-25 16:42:24 CET

<http://errata.univention.de/ucs/4.0/126.html>

Comment 4 Philipp Hahn

2015-05-18 08:38:15 CEST

*** Bug 32294 has been marked as a duplicate of this bug. ***