Bug 37752
| Summary: | Squid only uses ldap/server/name for auth | ||
|---|---|---|---|
| Product: | UCS | Reporter: | Tim Petersen <petersen> |
| Component: | Squid | Assignee: | Philipp Hahn <hahn> |
| Status: | CLOSED FIXED | QA Contact: | Janek Walkenhorst <walkenhorst> |
| Severity: | normal | ||
| Priority: | P5 | CC: | gohmann |
| Version: | UCS 4.0 | ||
| Target Milestone: | UCS 4.0-1-errata | ||
| Hardware: | Other | ||
| OS: | Linux | ||
| What kind of report is it?: | --- | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | Enterprise Customer affected?: | ||
| School Customer affected?: | ISV affected?: | ||
| Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
| Ticket number: | Bug group (optional): | ||
| Max CVSS v3 score: | |||
|
Description
Tim Petersen
r58968 | Bug #37752 Squid: Copyright 2015 r58967 | Bug #37752 Squid: Support ldap/server/addition squid3-3.1.20/helpers/basic_auth/LDAP/squid_ldap_auth.c:open_ldap_connection() uses ldap_initialize() if the arguments contain "://", which allows a comma or space separated list of LDAP servers to be specified. Package: univention-squid Version: 8.0.2-2.224.201503131731 Branch: ucs_4.0-0 Scope: errata4.0-1 r58969 | Bug #37752 Squid: Support ldap/server/addition YAML 2015-03-13-univention-squid.yaml QA: ucr set squid/basicauth=yes ldap/server/addition="$(ucr get ldap/master) localhost" univention-install univention-squid strace strace -e connect \ /usr/lib/squid3/squid_ldap_auth \ -b "$(ucr get ldap/base)" \ -D "$(ucr get ldap/hostdn)" \ -W /etc/squid3.secret \ -s sub \ -f '(&(objectClass=organizationalPerson)(uid=%s))' \ -d \ "ldap://$(ucr get ldap/server/name):9" "ldap://$(ucr get ldap/server/name):$(ucr get ldap/server/port)" <<<'Administrator univention' http_proxy=http://Administrator:univention@localhost:3128 \ wget -d -O/dev/null http://www.univention.de/ Tests: OK Code review: OK Advisory: OK |