Port www/squid33: LDAP authentication helpers cannot connect via TLS

I've installed port www/squid33 with LDAP support under FreeBSD 9.2-RELEASE. When trying to connect to my OpenLDAP server, which is hosted on the same FreeBSD server, I have found that the authentication helper basic_ldap_auth cannot connect to the LDAP server using TLS. The helper returns:
Code:
Could not Activate TLS connect
Simple binds, e.g. those without the -Z switch, are working as expected.

To exclude any misconfiguration of my OpenLDAP server I've checked the basic_ldap_auth from my Linux box. The TLS connection immediately worked as expected. That's why I conclude the basic_ldap_auth helper of FreeBSD may contain an error.

Unfortunately, basic_ldap_auth gives just the above error message, even with the debugging switch -d. At the same time my OpenLDAP server shows the following logging output:
Code:
Nov  9 15:03:09 freebsd slapd[966]: conn=1947 fd=79 ACCEPT from IP=192.168.1.105:11555 (IP=0.0.0.0:389)
Nov  9 15:03:09 freebsd slapd[966]: conn=1947 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Nov  9 15:03:09 freebsd slapd[966]: conn=1947 op=0 STARTTLS
Nov  9 15:03:09 freebsd slapd[966]: conn=1947 op=0 RESULT oid= err=0 text=
Nov  9 15:03:09 freebsd slapd[966]: conn=1947 fd=79 TLS established tls_ssf=256 ssf=256
Nov  9 15:03:09 freebsd slapd[966]: conn=1947 fd=79 closed (connection lost)

This looks strange to me, as the TLS connection seems to work but indeed fails to return data and produces the above TLS error message.

The same error occurs with digest_ldap_auth, which unfortunately does not install with the configure option
Code:
AUTH_LDAP=on
I've had to manually compile and install before a make clean. And also this helper works as expected without TLS.
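
Added example, not part of the original post: a short Python script that reads slapd log lines like the ones quoted above and flags connections where the server logged "TLS established" but the client disconnected before sending any LDAP operation, which is the pattern in the conn=1947 excerpt. The conn=1948 lines, the DN in them and the function name classify_starttls are constructed for illustration.

```python
import re
from collections import defaultdict

# conn=1947 lines are copied from the post; conn=1948 is a constructed
# healthy session added for contrast.
SAMPLE_LOG = """\
Nov  9 15:03:09 freebsd slapd[966]: conn=1947 fd=79 ACCEPT from IP=192.168.1.105:11555 (IP=0.0.0.0:389)
Nov  9 15:03:09 freebsd slapd[966]: conn=1947 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Nov  9 15:03:09 freebsd slapd[966]: conn=1947 op=0 STARTTLS
Nov  9 15:03:09 freebsd slapd[966]: conn=1947 op=0 RESULT oid= err=0 text=
Nov  9 15:03:09 freebsd slapd[966]: conn=1947 fd=79 TLS established tls_ssf=256 ssf=256
Nov  9 15:03:09 freebsd slapd[966]: conn=1947 fd=79 closed (connection lost)
Nov  9 15:04:00 freebsd slapd[966]: conn=1948 op=0 STARTTLS
Nov  9 15:04:00 freebsd slapd[966]: conn=1948 fd=80 TLS established tls_ssf=256 ssf=256
Nov  9 15:04:00 freebsd slapd[966]: conn=1948 op=1 BIND dn="uid=test,dc=example,dc=org" method=128
Nov  9 15:04:00 freebsd slapd[966]: conn=1948 op=2 UNBIND
Nov  9 15:04:00 freebsd slapd[966]: conn=1948 fd=80 closed
"""

CONN_RE = re.compile(r"slapd\[\d+\]: conn=(\d+) (.*)$")
LDAP_OP_RE = re.compile(r"^op=\d+ (BIND|SRCH|CMP|MOD|ADD|DEL)\b")

def classify_starttls(log_text):
    """Map each conn id that issued STARTTLS to a verdict string."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if m:
            events[int(m.group(1))].append(m.group(2))
    verdicts = {}
    for conn, evs in events.items():
        if not any(e.endswith("STARTTLS") for e in evs):
            continue
        tls_at = next((i for i, e in enumerate(evs) if "TLS established" in e), None)
        if tls_at is None:
            verdicts[conn] = "handshake-failed"
        elif any(LDAP_OP_RE.match(e) for e in evs[tls_at + 1:]):
            verdicts[conn] = "ok"
        elif any("connection lost" in e for e in evs[tls_at + 1:]):
            # Handshake finished server-side, then the client went away silently.
            verdicts[conn] = "client-dropped-after-handshake"
        else:
            verdicts[conn] = "no-ldap-op-after-tls"
    return verdicts

if __name__ == "__main__":
    for conn, verdict in classify_starttls(SAMPLE_LOG).items():
        print(conn, verdict)
```

A "client-dropped-after-handshake" verdict means slapd logged a completed handshake, so the remaining checks belong on the helper's side of the connection rather than in the slapd TLS settings.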
 