Univention Bugzilla – Bug 37752
Squid only uses ldap/server/name for auth
Last modified: 2015-05-18 08:38:15 CEST
2015020621000525: ldap/server/addition should be used somehow - in the current behaviour, proxy auth is not possible if the master is not reachable.
r58968 | Bug #37752 Squid: Copyright 2015 r58967 | Bug #37752 Squid: Support ldap/server/addition squid3-3.1.20/helpers/basic_auth/LDAP/squid_ldap_auth.c:open_ldap_connection() uses ldap_initialize() if the arguments contain "://", which allows a comma or space separated list of LDAP servers to be specified. Package: univention-squid Version: 8.0.2-2.224.201503131731 Branch: ucs_4.0-0 Scope: errata4.0-1 r58969 | Bug #37752 Squid: Support ldap/server/addition YAML 2015-03-13-univention-squid.yaml QA: ucr set squid/basicauth=yes ldap/server/addition="$(ucr get ldap/master) localhost" univention-install univention-squid strace strace -e connect \ /usr/lib/squid3/squid_ldap_auth \ -b "$(ucr get ldap/base)" \ -D "$(ucr get ldap/hostdn)" \ -W /etc/squid3.secret \ -s sub \ -f '(&(objectClass=organizationalPerson)(uid=%s))' \ -d \ "ldap://$(ucr get ldap/server/name):9" "ldap://$(ucr get ldap/server/name):$(ucr get ldap/server/port)" <<<'Administrator univention' http_proxy=http://Administrator:univention@localhost:3128 \ wget -d -O/dev/null http://www.univention.de/
Tests: OK Code review: OK Advisory: OK
<http://errata.univention.de/ucs/4.0/126.html>
*** Bug 32294 has been marked as a duplicate of this bug. ***