Scribd
Upload
109 views1 page

01 SquidGuard-Tips For Using LDAP

SquidGuard can experience issues running with LDAP authentication on startup if certain requirements are not met. These issues include missing flex and bison libraries, RPM packages not compiled with LDAP support, missing LDAP libraries, failing to run configure with the LDAP option, name resolution problems, and Active Directory referrals not being handled. Users should check that flex/bison are installed, LDAP is enabled in packages and configure, name resolution works properly, and referrals are turned off or a fixed server specified if using Active Directory.

Uploaded by

John Rodrigo Oscco Poma
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
109 views1 page

01 SquidGuard-Tips For Using LDAP

SquidGuard can experience issues running with LDAP authentication on startup if certain requirements are not met. These issues include missing flex and bison libraries, RPM packages not compiled with LDAP support, missing LDAP libraries, failing to run configure with the LDAP option, name resolution problems, and Active Directory referrals not being handled. Users should check that flex/bison are installed, LDAP is enabled in packages and configure, name resolution works properly, and referrals are turned off or a fixed server specified if using Active Directory.

Uploaded by

John Rodrigo Oscco Poma
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

squidGuard - Tips for using LDAP

Some user experienced problem running squidGuard with LDAP authentication. In most cases on startup squidGuard gave a syntax or parsing error
when the ldapsearch line was read in. This can be result of several shortcomings. The list below is compiled from own experiences and user feedback.
Hopefully it assists you to successfully set up LDAP authentication with squidGuard.
Please check your installation for the following topics:

1. flex and bison

Make sure that you have flex and bison installed.


You can compile squidguard without but then LDAP will not work. If the squidGuard process encounters the lack of flex and/or bison it takes
previously generated files to include them into the code. These flex and bison files have been created without any additional options (to ensure
that they can run on most systems).

2. Using RPMs

Not all available RPMs do have the LDAP functionality compiled in. If no LDAP libraries (or LDAP itself) is on the list or requirements there is
a good chance that the package builds without it. You may wish to check with the vendor of the RPM.
if you are building squidGuard from the sources check the next topics.

3. ldap libraries

In order to use LDAP functionalities the system must have the proper LDAP libraries and include files installed (openldap works fine).

4. configure with ldap

Before you compile squidGuard you must run configure with the ldap option activated:

Running configure with ldap option:


./configure --with-ldap=yes

5. name resolution

Make sure that the system squidGuard is running on can properly resolve its own name.
It has been reported that a syntax error shows up if the system cannot resolve its own name properly.

6. AD forrest: answering with referals

Currently squidGuard is not able to handle referals as answer from an Active Directory. If you don't need referals in your environment you can
turn them off. Otherwise you have to specify a fixed server and path where the user information can be obtained. Please take a look on the "What
to do with Active Directory Referals?" page how users solved this problem in their environment.

7. configuration errors

Make sure that there are no typos your configuration. The correct host is addressed to lookup the correct group membership with the correct
password in the correct LDAP tree.

You might also like