Hello,
We need some help to enable LDAPS for connection to Windows Active Directory for user authentication. We already have a working Squid 3.5.28 server on Windows 2019 with basic_ldap_auth.exe implemented which is using LDAP (not LDAPS) to connect to Windows Active Directory for user authentication.
- On Windows, with only LDAP (not LDAPS):

```
auth_param basic program /lib/squid/basic_ldap_auth.exe -R -b "dc=internaldomain=com" -D [email protected] -W /etc/squid/authpasswd -f "(|(userPrincipalName=%s)(sAMAccountName=%s))" -d -h domaincontroller1.internaldomain.com domaincontroller1.internaldomain.com
```
Our Windows 2019 Active Directory server is already configured with LDAPS and it's working in production with various other applications as well as from another Squid server which is deployed on RHEL7 which also uses basic_ldap_auth for user authentication but connects to Windows 2019 Active Directory using LDAPS.
- On RHEL7, with LDAPS:

```
auth_param basic program /usr/lib64/squid/basic_ldap_auth -b "dc=internaldomain,dc=com" -f "(|(userPrincipalName=%s)(sAMAccountName=%s))" -D "cn=Squid Auth Account,cn=Users,dc=internaldomain,dc=com" -W /etc/squid/ldapp -d -v 3 "ldaps://domaincontroller1.internaldomain.com:636","ldaps://domaincontroller2.internaldomain.com:636"
```
So we need some help on:
(1) Where to place root & intermediate certificates so basic_ldap_auth.exe will be able to trust the certificate of LDAPS? On Linux we placed them under /etc/openldap/cacerts/ and it is all working fine, but we are unable to identify a similar location for Squid on Windows.
(2) Also, do we need to have root & intermediate certificates in a specific format? Our plan is to export those as 'Base-64 encoded X.509 (.CER)' from our Windows Local Computer Certificate store as they are already available there under Trusted Root Certification Authorities.
So please review and suggest.
Thanks in advance for all the help.
Do let us know if you need any more information on the same.
Thanks,
Mitul