1 Index: squid/helpers/external_acl/ldap_group/ChangeLog
2 diff -c /dev/null squid/helpers/external_acl/ldap_group/ChangeLog:1.1.2.1
3 *** /dev/null Fri Nov 21 10:14:58 2003
4 --- squid/helpers/external_acl/ldap_group/ChangeLog Wed Nov 19 17:41:37 2003
10 + 2003-03-01 Christoph Lechleitner <lech@ibcl.at>
11 + Added -W option to read bindpasswd from file,
12 + e.g. from /etc/ldap.secret
14 + 2003-03-01 Juerg Michel
16 + Added support for ldap URI via the -H option
20 + 2003-01-31 Henrik Nordstrom <hno@marasystems.com>
22 + Packaged as a distribution, with Makefile, README
25 + Corrected the squid.conf examples in the manpage and
26 + some spelling in the same
28 + Separated the changelog/history to a separate
29 + ChangeLog file (this file)
31 + 2003-01-27 Henrik Nordstrom <hno@marasystems.com>
33 + Cleaned up error messages shown when a nonexisting
34 + user tries to log in
38 + 2003-01-07 Jon Kinred
40 + Fixed user search mode (-F/-u) when -g is not used
44 + 2003-01-03 Henrik Nordstrom <hno@marasystems.com>
46 + Fixed missing string termination on ldap_escape_vale,
47 + and corrected build problem with LDAPv2 libraries
51 + 2002-11-27 Henrik Nordstrom <hno@marasystems.com>
53 + Replacement for ldap_build_filter. Also changed
54 + the % codes to %u (user) and %g (group) which
55 + is a bit more intuitive.
57 + 2002-11-21 Gerard Eviston
59 + Fix ldap_search_s error management. This fixes
60 + a core dump if there is a LDAP search filter
61 + syntax error (possibly caused by malformed input).
65 + 2002-10-22: Henrik Nordstrom <hno@marasystems.com>
71 + 2002-09-21: Gerard Eviston
73 + -S option to strip NT domain names from
78 + 2002-09-09: Henrik Nordstrom <hno@marasystems.com>
80 + Added support for user DN lookups
85 + 2002-09-06: Henrik Nordstrom <hno@marasystems.com>
87 + Many bugfixes in connection management
89 + -g option added, and added support
90 + for multiple groups. Prior versions
91 + only supported one group and an optional
96 + 2002-09-04: Henrik Nordstrom <hno@marasystems.com>
102 + 2002-09-04: Henrik Nordstrom <hno@marasystems.com>
104 + Merged changes from squid_ldap_auth.c
105 + - TLS support (Michael Cunningham)
106 + - -p option to specify port
108 + Documented the % codes to use in -f
112 + 2002-08-21: Henrik Nordstrom <hno@marasystems.com>
114 + Support groups or usernames having spaces
118 + 2002-01-22: Henrik Nordstrom <hno@marasystems.com>
120 + Added optional third query argument for search RDN
122 + 2002-01-22: Henrik Nordstrom <hno@marasystems.com>
124 + Removed unused options, and fully changed name
125 + to squid_ldap_match.
129 + 2001-07-17: Flavio Pescuma <flavio@marasystems.com>
131 + Using the main function from squid_ldap_auth
132 + wrote squid_ldap_match. This program replaces
133 + the %a and %v (ldapfilter.conf) from the filter
134 + template supplied with -f with the two arguments
135 + sent by squid. Returns OK if the ldap_search
136 + using the composed filter succeeds.
138 + Changes from squid_ldap_auth.c:
140 + 2001-12-12: Michael Cunningham <m.cunningham@xpedite.com>
142 + - Added TLS support and partial ldap version 3 support.
144 + 2001-09-05: Henrik Nordstrom <hno@squid-cache.org>
146 + - Added ability to specify another default LDAP port to
147 + connect to. Persistent connections moved to -P
149 + 2001-05-02: Henrik Nordstrom <hno@squid-cache.org>
151 + - Support newer OpenLDAP 2.x libraries using the
152 + revised Internet Draft API which unfortunately
153 + is not backwards compatible with RFC1823..
155 + 2001-04-15: Henrik Nordstrom <hno@squid-cache.org>
157 + - Added command line option for basedn
159 + - Added the ability to search for the user DN
161 + 2001-04-16: Henrik Nordstrom <hno@squid-cache.org>
163 + - Added -D binddn -w bindpasswd.
165 + 2001-04-17: Henrik Nordstrom <hno@squid-cache.org>
167 + - Added -R to disable referrals
169 + - Added -a to control alias dereferencing
171 + 2001-04-17: Henrik Nordstrom <hno@squid-cache.org>
173 + - Added -u, DN username attribute name
175 + 2001-04-18: Henrik Nordstrom <hno@squid-cache.org>
177 + - Allow full filter specifications in -f
180 Index: squid/helpers/external_acl/ldap_group/README
181 diff -c /dev/null squid/helpers/external_acl/ldap_group/README:1.1.2.1
182 *** /dev/null Fri Nov 21 10:14:59 2003
183 --- squid/helpers/external_acl/ldap_group/README Wed Nov 19 17:41:37 2003
187 + This program is a LDAP group helper for Squid.
189 + See the included manpage for documentation.
191 + nroff -man squid_ldap_group.8 | less
193 + See INSTALL for installation instructions
195 + The latest version of this program can always be found from
196 + MARA Systems at http://marasystems.com/download/LDAP_Group/
197 Index: squid/helpers/external_acl/ldap_group/squid_ldap_group.8
198 diff -c squid/helpers/external_acl/ldap_group/squid_ldap_group.8:1.1.2.2 squid/helpers/external_acl/ldap_group/squid_ldap_group.8:1.1.2.3
199 *** squid/helpers/external_acl/ldap_group/squid_ldap_group.8:1.1.2.2 Wed Nov 27 16:42:22 2002
200 --- squid/helpers/external_acl/ldap_group/squid_ldap_group.8 Wed Nov 19 17:41:37 2003
203 ! .TH squid_ldap_group 8 "7 September 2002" "Squid LDAP Match"
206 squid_ldap_group - Squid LDAP external acl group helper
209 ! squid_ldap_group -b "base DN" -f "LDAP search filter" [options] [ldap_server_name[:port]...]
212 This helper allows Squid to connect to a LDAP directory to
213 authorize users via LDAP groups.
215 The program operates by searching with a search filter based
216 ! on the users login name and requested group, and if a match
217 is found it is determined that the user belongs to the group.
221 ! .TH squid_ldap_group 8 "1 Mars 2003" "Squid LDAP Group"
224 squid_ldap_group - Squid LDAP external acl group helper
227 ! squid_ldap_group -b "base DN" -f "LDAP search filter" [options] [ldap_server_name[:port]...|URI]
230 This helper allows Squid to connect to a LDAP directory to
231 authorize users via LDAP groups.
233 The program operates by searching with a search filter based
234 ! on the users user name and requested group, and if a match
235 is found it is determined that the user belongs to the group.
242 Specifies that the first query argument sent to the helper by Squid is
243 ! a extension to the basedn and will be temporarily added infront of the
244 global basedn for this query.
250 Specifies that the first query argument sent to the helper by Squid is
251 ! a extension to the basedn and will be temporarily added in front of the
252 global basedn for this query.
257 LDAP search filter used to search the LDAP directory for any
258 matching group memberships.
260 ! In the filter %u will be replaced by the user login name (or DN if
261 the -F or -u options are used) and %g by the requested group name.
265 LDAP search filter used to search the LDAP directory for any
266 matching group memberships.
268 ! In the filter %u will be replaced by the user name (or DN if
269 the -F or -u options are used) and %g by the requested group name.
274 LDAP search filter used to search the LDAP directory for any
277 ! In the filter %s will be replaced by the user login name. If % is to be
278 included literally in the filter then use %%.
282 ! LDAP attribute used to construct the user DN from the login name and
286 .BI "-s " base|one|sub
288 LDAP search filter used to search the LDAP directory for any
291 ! In the filter %s will be replaced by the user name. If % is to be
292 included literally in the filter then use %%.
296 ! LDAP attribute used to construct the user DN from the user name and
297 ! base dn without needing to search for the user.
300 .BI "-s " base|one|sub
303 extracts the password used from a process listing.
307 Use a persistent LDAP connection. Normally the LDAP connection
308 ! is only open while validating a username to preserve resources
309 ! at the LDAP server. This option causes the LDAP connection to
310 be kept open, allowing it to be reused for further user
311 validations. Recommended for larger installations.
314 extracts the password used from a process listing.
317 + .BI "-D " "binddn " "-W " "secretfile "
318 + The DN and the name of a file containing the password
319 + to bind as while performing searches.
321 + Less insecure version of the former parameter pair with two advantages:
322 + The password does not occur in the process listing,
323 + and the password is not being compromised if someone gets the squid
324 + configuration file without getting the secretfile.
328 Use a persistent LDAP connection. Normally the LDAP connection
329 ! is only open while verifying a users group membership to preserve
330 ! resources at the LDAP server. This option causes the LDAP connection to
331 be kept open, allowing it to be reused for further user
332 validations. Recommended for larger installations.
341 + Specity the LDAP server to connect to by a LDAP URI (requires OpenLDAP libraries)
345 Specify the LDAP server to connect to
349 other than the default LDAP port 389.
353 ! Strip NT domain name component from usernames (/ or \\ separated)
355 .SH SQUID CONFIGURATION
358 other than the default LDAP port 389.
366 + Enable LDAP over SSL (requires Netscape LDAP API libraries)
369 + .BI -c connect_timeout
370 + Specify timeout used when connecting to LDAP servers (requires
371 + Netscape LDAP API libraries)
373 + .BI -t search_timeout
374 + Specify time limit on LDAP search operations
378 ! Strip NT domain name component from user names (/ or \\ separated)
380 .SH SQUID CONFIGURATION
385 external_acl_type ldap_group %LOGIN /path/to/squid_ldap_group ...
387 ! acl group1 ldap_group Group1
389 ! acl group2 ldap_gorup Group2
395 ! When constructing search filters it is strongly recommended to test the filter
396 using ldapsearch before you attempt to use squid_ldap_group. This to verify
397 that the filter matches what you expect.
401 external_acl_type ldap_group %LOGIN /path/to/squid_ldap_group ...
403 ! acl group1 external ldap_group Group1
405 ! acl group2 external ldap_group Group2
411 ! When constructing search filters it is recommended to first test the filter
412 using ldapsearch before you attempt to use squid_ldap_group. This to verify
413 that the filter matches what you expect.
417 .I Glen Newton <glen.newton@nrc.ca>
419 .SH KNOWN LIMITATIONS
420 ! Max 16 occurances of %s in the -u argument is supported.
423 Any questions on usage can be sent to
425 .I Glen Newton <glen.newton@nrc.ca>
427 .SH KNOWN LIMITATIONS
428 ! Max 16 occurrences of %s in the -u argument is supported.
431 Any questions on usage can be sent to
432 Index: squid/helpers/external_acl/ldap_group/squid_ldap_group.c
433 diff -c squid/helpers/external_acl/ldap_group/squid_ldap_group.c:1.2.2.11 squid/helpers/external_acl/ldap_group/squid_ldap_group.c:1.2.2.13
434 *** squid/helpers/external_acl/ldap_group/squid_ldap_group.c:1.2.2.11 Sat Jan 11 06:07:08 2003
435 --- squid/helpers/external_acl/ldap_group/squid_ldap_group.c Fri Nov 21 10:13:58 2003
438 * Henrik Nordstrom <hno@marasystems.com>
439 * MARA Systems AB, Sweden <http://www.marasystems.com>
441 ! * With contributions from others mentioned in the change histor section
444 * In part based on squid_ldap_auth by Glen Newton and Henrik Nordstrom.
447 * Henrik Nordstrom <hno@marasystems.com>
448 * MARA Systems AB, Sweden <http://www.marasystems.com>
450 ! * With contributions from others mentioned in the ChangeLog file
452 * In part based on squid_ldap_auth by Glen Newton and Henrik Nordstrom.
456 * and/or modify it under the terms of the GNU General Public License
457 * as published by the Free Software Foundation; either version 2,
458 * or (at your option) any later version.
463 - * 2003-01-07 Jon Kinred
464 - * Fixed user search mode (-F/-u) when -g is not used
466 - * 2003-01-03 Henrik Nordstrom <hno@marasystems.com>
467 - * Fixed missing string termination on ldap_escape_vale,
468 - * and corrected build problem with LDAPv2 libraries
470 - * 2002-11-27 Henrik Nordstrom <hno@marasystems.com>
471 - * Replacement for ldap_build_filter. Also changed
472 - * the % codes to %u (user) and %g (group) which
473 - * is a bit more intuitive.
474 - * 2002-11-21 Gerard Eviston
475 - * Fix ldap_search_s error management. This fixes
476 - * a core dump if there is a LDAP search filter
477 - * syntax error (possibly caused by malformed input).
479 - * 2002-10-22: Henrik Nordstrom <hno@marasystems.com>
480 - * strwordtok bugfix
482 - * 2002-09-21: Gerard Eviston
483 - * -S option to strip NT domain names from
486 - * 2002-09-09: Henrik Nordstrom <hno@marasystems.com>
487 - * Added support for user DN lookups
488 - * (-u -B -F options)
490 - * 2002-09-06: Henrik Nordstrom <hno@marasystems.com>
491 - * Many bugfixes in connection management
492 - * -g option added, and added support
493 - * for multiple groups. Prior versions
494 - * only supported one group and an optional
497 - * 2002-09-04: Henrik Nordstrom <hno@marasystems.com>
500 - * 2002-09-04: Henrik Nordstrom <hno@marasystems.com>
501 - * Merged changes from squid_ldap_auth.c
502 - * - TLS support (Michael Cunningham)
503 - * - -p option to specify port
504 - * Documented the % codes to use in -f
506 - * 2002-08-21: Henrik Nordstrom <hno@marasystems.com>
507 - * Support groups or usernames having spaces
509 - * 2002-01-22: Henrik Nordstrom <hno@marasystems.com>
510 - * Added optional third query argument for search RDN
511 - * 2002-01-22: Henrik Nordstrom <hno@marasystems.com>
512 - * Removed unused options, and fully changed name
513 - * to squid_ldap_group.
515 - * 2001-07-17: Flavio Pescuma <flavio@marasystems.com>
516 - * Using the main function from squid_ldap_auth
517 - * wrote squid_ldap_group. This program replaces
518 - * the %a and %v (ldapfilter.conf) from the filter
519 - * template supplied with -f with the two arguments
520 - * sent by squid. Returns OK if the ldap_search
521 - * using the composed filter succeeds.
523 - * Changes from squid_ldap_auth.c:
525 - * 2001-12-12: Michael Cunningham <m.cunningham@xpedite.com>
526 - * - Added TLS support and partial ldap version 3 support.
527 - * 2001-09-05: Henrik Nordstrom <hno@squid-cache.org>
528 - * - Added ability to specify another default LDAP port to
529 - * connect to. Persistent connections moved to -P
530 - * 2001-05-02: Henrik Nordstrom <hno@squid-cache.org>
531 - * - Support newer OpenLDAP 2.x libraries using the
532 - * revised Internet Draft API which unfortunately
533 - * is not backwards compatible with RFC1823..
534 - * 2001-04-15: Henrik Nordstrom <hno@squid-cache.org>
535 - * - Added command line option for basedn
536 - * - Added the ability to search for the user DN
537 - * 2001-04-16: Henrik Nordstrom <hno@squid-cache.org>
538 - * - Added -D binddn -w bindpasswd.
539 - * 2001-04-17: Henrik Nordstrom <hno@squid-cache.org>
540 - * - Added -R to disable referrals
541 - * - Added -a to control alias dereferencing
542 - * 2001-04-17: Henrik Nordstrom <hno@squid-cache.org>
543 - * - Added -u, DN username attribute name
544 - * 2001-04-18: Henrik Nordstrom <hno@squid-cache.org>
545 - * - Allow full filter specifications in -f
555 - #include <ldap_cdefs.h>
558 #define PROGRAM_NAME "squid_ldap_group"
565 + #if defined(LDAP_OPT_NETWORK_TIMEOUT)
566 + #include <sys/time.h>
569 #define PROGRAM_NAME "squid_ldap_group"
574 static int noreferrals = 0;
575 static int debug = 0;
576 static int aliasderef = LDAP_DEREF_NEVER;
577 + #if defined(NETSCAPE_SSL)
578 + static char *sslpath = NULL;
579 + static int sslinit = 0;
581 + static int connect_timeout = 0;
582 + static int timelimit = LDAP_NO_LIMIT;
585 /* Added for TLS support and version 3 */
590 static int searchLDAP(LDAP * ld, char *group, char *user, char *extension_dn);
592 + static int readSecret(char *filename);
594 /* Yuck.. we need to glue to different versions of the API */
596 #if defined(LDAP_API_VERSION) && LDAP_API_VERSION > 1823
600 int *value = referrals ? LDAP_OPT_ON : LDAP_OPT_OFF;
601 ldap_set_option(ld, LDAP_OPT_REFERRALS, value);
604 + squid_ldap_set_timelimit(LDAP *ld, int timelimit)
606 + ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &timelimit);
609 + squid_ldap_set_connect_timeout(LDAP *ld, int timelimit)
611 + #if defined(LDAP_OPT_NETWORK_TIMEOUT)
613 + tv.tv_sec = timelimit;
615 + ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &tv);
616 + #elif defined(LDAP_X_OPT_CONNECT_TIMEOUT)
618 + ldap_set_option(ld, LDAP_X_OPT_CONNECT_TIMEOUT, &timelimit);
622 squid_ldap_memfree(char *p)
628 ld->ld_options &= ~LDAP_OPT_REFERRALS;
631 + squid_ldap_set_timelimit(LDAP *ld, int timelimit)
633 + ld->ld_timelimit = timelimit;
636 + squid_ldap_set_connect_timeout(LDAP *ld, int timelimit)
638 + fprintf(stderr, "Connect timeouts not supported in your LDAP library\n");
641 squid_ldap_memfree(char *p)
649 + #ifdef LDAP_API_FEATURE_X_OPENLDAP
650 + #if LDAP_VENDOR_VERSION > 194
651 + #define HAS_URI_SUPPORT 1
656 strwordtok(char *buf, char **t)
665 + #if !HAS_URI_SUPPORT
666 + fprintf(stderr, "ERROR: Your LDAP library does not have URI support\n");
669 + /* Fall thru to -h */
672 int len = strlen(ldapServer) + 1 + strlen(value) + 1;
675 ldapServer = strdup(value);
690 + #if defined(NETSCAPE_SSL)
692 + if (port == LDAP_PORT)
695 + fprintf(stderr, PROGRAM_NAME " ERROR: -E unsupported with this LDAP library\n");
700 + connect_timeout = atoi(value);
703 + timelimit = atoi(value);
706 if (strcmp(value, "never") == 0)
707 aliasderef = LDAP_DEREF_NEVER;
715 + readSecret (value);
718 persistent = !persistent;
723 use_extension_dn = 1;
731 use_extension_dn = 1;
739 fprintf(stderr, "\t-s base|one|sub\t\tsearch scope\n");
740 fprintf(stderr, "\t-D binddn\t\tDN to bind as to perform searches\n");
741 fprintf(stderr, "\t-w bindpasswd\t\tpassword for binddn\n");
742 fprintf(stderr, "\t-h server\t\tLDAP server (defaults to localhost)\n");
743 fprintf(stderr, "\t-p port\t\t\tLDAP server port (defaults to %d)\n", LDAP_PORT);
744 fprintf(stderr, "\t-P\t\t\tpersistent LDAP connection\n");
745 fprintf(stderr, "\t-R\t\t\tdo not follow referrals\n");
746 fprintf(stderr, "\t-a never|always|search|find\n\t\t\t\twhen to dereference aliases\n");
747 ! fprintf(stderr, "\t-v 1|2\t\t\tLDAP version\n");
748 fprintf(stderr, "\t-Z\t\t\tTLS encrypt the LDAP connection, requires\n\t\t\t\tLDAP version 3\n");
749 fprintf(stderr, "\t-g\t\t\tfirst query parameter is base DN extension\n\t\t\t\tfor this query\n");
750 fprintf(stderr, "\t-S\t\t\tStrip NT domain from usernames\n");
751 fprintf(stderr, "\n");
752 ! fprintf(stderr, "\tIf you need to bind as a user to perform searches then use the\n\t-D binddn -w bindpasswd options\n\n");
755 while (fgets(buf, 256, stdin) != NULL) {
757 fprintf(stderr, "\t-s base|one|sub\t\tsearch scope\n");
758 fprintf(stderr, "\t-D binddn\t\tDN to bind as to perform searches\n");
759 fprintf(stderr, "\t-w bindpasswd\t\tpassword for binddn\n");
760 + fprintf(stderr, "\t-W secretfile\t\tread password for binddn from file secretfile\n");
761 + #if HAS_URI_SUPPORT
762 + fprintf(stderr, "\t-H URI\t\t\tLDAPURI (defaults to ldap://localhost)\n");
764 fprintf(stderr, "\t-h server\t\tLDAP server (defaults to localhost)\n");
765 fprintf(stderr, "\t-p port\t\t\tLDAP server port (defaults to %d)\n", LDAP_PORT);
766 fprintf(stderr, "\t-P\t\t\tpersistent LDAP connection\n");
767 + #if defined(NETSCAPE_SSL)
768 + fprintf(stderr, "\t-E sslcertpath\t\tenable LDAP over SSL\n");
770 + fprintf(stderr, "\t-c timeout\t\tconnect timeout\n");
771 + fprintf(stderr, "\t-t timelimit\t\tsearch time limit\n");
772 fprintf(stderr, "\t-R\t\t\tdo not follow referrals\n");
773 fprintf(stderr, "\t-a never|always|search|find\n\t\t\t\twhen to dereference aliases\n");
774 ! #ifdef LDAP_VERSION3
775 ! fprintf(stderr, "\t-v 2|3\t\t\tLDAP version\n");
776 fprintf(stderr, "\t-Z\t\t\tTLS encrypt the LDAP connection, requires\n\t\t\t\tLDAP version 3\n");
778 fprintf(stderr, "\t-g\t\t\tfirst query parameter is base DN extension\n\t\t\t\tfor this query\n");
779 fprintf(stderr, "\t-S\t\t\tStrip NT domain from usernames\n");
780 fprintf(stderr, "\n");
781 ! fprintf(stderr, "\tIf you need to bind as a user to perform searches then use the\n\t-D binddn -w bindpasswd or -D binddn -W secretfile options\n\n");
784 while (fgets(buf, 256, stdin) != NULL) {
790 if ((ld = ldap_init(ldapServer, port)) == NULL) {
791 ! fprintf(stderr, "\nUnable to connect to LDAP server:%s port:%d\n",
797 version = LDAP_VERSION2;
802 + #if HAS_URI_SUPPORT
803 + if (strstr(ldapServer, "://") != NULL) {
804 + rc = ldap_initialize( &ld, ldapServer );
805 + if( rc != LDAP_SUCCESS ) {
806 + fprintf(stderr, "\nUnable to connect to LDAPURI:%s\n", ldapServer);
813 + if ( !sslinit && (ldapssl_client_init(sslpath, NULL) != LDAP_SUCCESS)) {
814 + fprintf(stderr, "\nUnable to initialise SSL with cert path %s\n",
820 + if ((ld = ldapssl_init(ldapServer, port, 1)) == NULL) {
821 + fprintf(stderr, "\nUnable to connect to SSL LDAP server: %s port:%d\n",
827 if ((ld = ldap_init(ldapServer, port)) == NULL) {
828 ! fprintf(stderr, "\nUnable to connect to LDAP server:%s port:%d\n",ldapServer, port);
832 + if (connect_timeout)
833 + squid_ldap_set_connect_timeout(ld, connect_timeout);
837 version = LDAP_VERSION2;
844 + squid_ldap_set_timelimit(ld, timelimit);
845 squid_ldap_set_referrals(ld, !noreferrals);
846 squid_ldap_set_aliasderef(ld, aliasderef);
847 if (binddn && bindpasswd && *binddn && *bindpasswd) {
853 ! fprintf(stderr, "filter %s\n", filter);
855 rc = ldap_search_s(ld, searchbase, searchscope, filter, NULL, 1, &res);
856 if (rc != LDAP_SUCCESS) {
861 ! fprintf(stderr, "group filter '%s', searchbase '%s'\n", filter, searchbase);
863 rc = ldap_search_s(ld, searchbase, searchscope, filter, NULL, 1, &res);
864 if (rc != LDAP_SUCCESS) {
870 fprintf(stderr, PROGRAM_NAME " WARNING, LDAP search error '%s'\n", ldap_err2string(rc));
871 + #if defined(NETSCAPE_SSL)
872 + if (sslpath && ((rc == LDAP_SERVER_DOWN) || (rc == LDAP_CONNECT_ERROR))) {
873 + int sslerr = PORT_GetError();
874 + fprintf(stderr, PROGRAM_NAME ": WARNING, SSL error %d (%s)\n", sslerr, ldapssl_err2string(sslerr));
882 ldap_escape_value(escaped_login, sizeof(escaped_login), login);
883 snprintf(filter, sizeof(filter), usersearchfilter, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login);
885 ! fprintf(stderr, "user filter %s\n", filter);
886 rc = ldap_search_s(ld, searchbase, searchscope, filter, NULL, 1, &res);
887 if (rc != LDAP_SUCCESS) {
888 if (noreferrals && rc == LDAP_PARTIAL_RESULTS) {
890 ldap_escape_value(escaped_login, sizeof(escaped_login), login);
891 snprintf(filter, sizeof(filter), usersearchfilter, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login);
893 ! fprintf(stderr, "user filter '%s', searchbase '%s'\n", filter, searchbase);
894 rc = ldap_search_s(ld, searchbase, searchscope, filter, NULL, 1, &res);
895 if (rc != LDAP_SUCCESS) {
896 if (noreferrals && rc == LDAP_PARTIAL_RESULTS) {
901 fprintf(stderr, PROGRAM_NAME " WARNING, LDAP search error '%s'\n", ldap_err2string(rc));
906 entry = ldap_first_entry(ld, res);
908 ! fprintf(stderr, PROGRAM_NAME " WARNING, User '%s' not found\n", filter);
915 fprintf(stderr, PROGRAM_NAME " WARNING, LDAP search error '%s'\n", ldap_err2string(rc));
916 + #if defined(NETSCAPE_SSL)
917 + if (sslpath && ((rc == LDAP_SERVER_DOWN) || (rc == LDAP_CONNECT_ERROR))) {
918 + int sslerr = PORT_GetError();
919 + fprintf(stderr, PROGRAM_NAME ": WARNING, SSL error %d (%s)\n", sslerr, ldapssl_err2string(sslerr));
926 entry = ldap_first_entry(ld, res);
928 ! fprintf(stderr, PROGRAM_NAME " WARNING, User '%s' not found in '%s'\n", login, searchbase);
936 return searchLDAPGroup(ld, group, login, extension_dn);
941 + int readSecret(char *filename)
947 + if(!(f=fopen(filename, "r"))) {
948 + fprintf(stderr, PROGRAM_NAME " ERROR: Can not read secret file %s\n", filename);
952 + if( !fgets(buf, sizeof(buf)-1, f)) {
953 + fprintf(stderr, PROGRAM_NAME " ERROR: Secret file %s is empty\n", filename);
958 + /* strip whitespaces on end */
959 + if((e = strrchr(buf, '\n'))) *e = 0;
960 + if((e = strrchr(buf, '\r'))) *e = 0;
962 + bindpasswd = (char *) calloc(sizeof(char), strlen(buf)+1);
964 + strcpy(bindpasswd, buf);
966 + fprintf(stderr, PROGRAM_NAME " ERROR: can not allocate memory\n");
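Review bot: The `-W` handler calls `readSecret (value);` and discards its int result, so an unreadable or empty secret file only prints an error and leaves `bindpasswd` unset while the helper keeps running. Because the bind is guarded by `if (binddn && bindpasswd && *binddn && *bindpasswd)`, the searches would then presumably run without the configured bind identity (the code after that guard is not visible here), so a broken secret file silently changes which LDAP identity answers the group lookups instead of stopping at startup. Assuming readSecret returns non-zero on failure (its return statements fall outside the visible lines), the call should become `if (readSecret(value) != 0) exit(1);`, and a secret file whose first line is blank should be treated as an error as well. Separately, inside readSecret the password remains in the stack buffer `buf` after the `strcpy`. Clearing `buf` before returning, and adding a short comment that the secret file should be readable only by the account running the helper, would be worth adding.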
973 Index: squid/helpers/external_acl/ldap_group/Makefile.in
974 diff -c squid/helpers/external_acl/ldap_group/Makefile.in:1.1.2.5 squid/helpers/external_acl/ldap_group/Makefile.in:1.1.2.6
975 *** squid/helpers/external_acl/ldap_group/Makefile.in:1.1.2.5 Tue Feb 11 19:02:43 2003
976 --- squid/helpers/external_acl/ldap_group/Makefile.in Wed Nov 19 17:43:41 2003
982 ! DIST_COMMON = Makefile.am Makefile.in
983 SOURCES = $(squid_ldap_group_SOURCES)
990 ! DIST_COMMON = README ChangeLog Makefile.am Makefile.in
991 SOURCES = $(squid_ldap_group_SOURCES)