1

Topic: Iredmail + Squid

==== Provide required information ====
- iRedMail version and backend (LDAP/MySQL/PGSQL):
- Linux/BSD distribution name and version:
- Any related log? Log is helpful for troubleshooting.
====

Hello, Zhang

Have you joined iRedMail and Squid with LDAP?
I'm trying, but I cannot tell if I'm doing it right. You might have more knowledge!

/usr/lib64/squid/squid_ldap_auth -v 2 -b "o=domains,dc=simtrack,dc=com,dc=br" -f "(&(uid=%s)(objectClass=mailUser))" -h 10.1.1.99 -p 389 -d

squid_ldap_auth: WARNING, LDAP search error 'Insufficient access'
ERR Success


/usr/lib64/squid/squid_ldap_auth -v 2 -b "o=domains,dc=simtrack,dc=com,dc=br" -f "(&(mail=%s)(objectClass=mailUser))" -h 10.1.1.99 -p 389 -d

squid_ldap_auth: WARNING, LDAP search error 'Insufficient access'
ERR Success


/usr/lib64/squid/squid_ldap_auth -v 3 -b "o=domains,dc=simtrack,dc=com,dc=br" -f "(&(|(mail=%s)(mail=%s))(mail=*simtrack.com.br*))" -h 10.1.1.99 -p 389

squid_ldap_auth: WARNING, LDAP search error 'Insufficient access'
ERR Success


/usr/lib64/squid/squid_ldap_auth -v 3 -b "domainName=simtrack.com.br,o=domains,dc=simtrack,dc=com,dc=br" -h 10.1.1.99 -f "(&(|(mail=%s)(shadowAddress=%s))(accountStatus=active)(enabledService=mail)(enabledService=deliver)(|(objectClass=mailAlias)(&(objectClass=mailUser)(enabledService=forward))))"

squid_ldap_auth: WARNING, LDAP search error 'Insufficient access'
ERR Success



I know this subject is off-topic for this forum, but if you can help I would be very grateful! Maybe you have integrated Squid with iRedMail in the past and can help me.


Thanks for the help


2

Re: Iredmail + Squid

moreni wrote:

squid_ldap_auth: WARNING, LDAP search error 'Insufficient access'

OpenLDAP in iRedMail is configured to disallow anonymous access, so you MUST bind as a dn with password to query it.

As shown in the manual page of squid_ldap_auth, you must use the -D option:

-D binddn -w password
The DN and password to bind as while performing searches. Required by the -f flag if the directory does not allow anonymous searches.
As the password needs to be printed in plain text in your Squid configuration it is strongly recommended to use a account with minimal associated privileges. This to limit the damage in case someone could get hold of a copy of your Squid configuration file.

3

Re: Iredmail + Squid

Hello,

Thanks for the help, I managed to make it work
Just for the record!

squid_ldap_auth -v 3 -b "o=domains,dc=example,dc=com,dc=br" -D "cn=Manager,dc=example,dc=com,dc=br" -w "PASSWORD" -f "mail=%s" -h 10.1.1.99 -p 389
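
An added example, not part of the thread: a small shell audit that applies the man page advice quoted in post 2 to squid_ldap_auth command lines, flagging a missing bind DN, an inline -w password, and a bind as the directory manager. The sample lines are constructed; cn=squid-ro and /etc/squid/ldap.secret are hypothetical names, and the read-only account is assumed to have been created with search access. The -W secretfile option is the helper's documented alternative to -w.

```shell
#!/bin/sh
# Added example (not from the thread): audit squid_ldap_auth command lines
# for bind-credential hygiene. Sample lines below are constructed.

# Print one finding per problem in a helper command line; nothing if clean.
audit_helper_line() {
    case $1 in *squid_ldap_auth*) ;; *) return 0 ;; esac
    case $1 in
        *" -D "*) ;;
        *) echo "no-bind-dn: anonymous search; iRedMail's OpenLDAP returns 'Insufficient access'" ;;
    esac
    case $1 in
        *" -w "*) echo "inline-password: -w puts the bind password in squid.conf and the process list; use -W secretfile" ;;
    esac
    case $1 in
        *" -D "*cn=Manager,*) echo "rootdn-bind: helper binds as the directory manager; use a read-only account" ;;
    esac
}

# Succeed only if FILE exists and grants no permissions to group or others.
secret_file_ok() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed inputs: the thread's final command shape, and a hardened variant.
# cn=squid-ro and /etc/squid/ldap.secret are hypothetical names.
WEAK='squid_ldap_auth -v 3 -b "o=domains,dc=example,dc=com,dc=br" -D "cn=Manager,dc=example,dc=com,dc=br" -w "PASSWORD" -f "mail=%s" -h 10.1.1.99 -p 389'
HARDENED='squid_ldap_auth -v 3 -b "o=domains,dc=example,dc=com,dc=br" -D "cn=squid-ro,dc=example,dc=com,dc=br" -W /etc/squid/ldap.secret -f "mail=%s" -h 10.1.1.99 -p 389'

for l in "$WEAK" "$HARDENED"; do
    echo "== $l"
    audit_helper_line "$l"
done
```

The secret file read by -W should be owned by the user Squid runs as and pass secret_file_ok, for example after chmod 600.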