Dear Squid-Users,

I would just like to ask for a bit of help regarding squid_ldap_group.

I tried the helper from the command line with success, matching a user against a group, and everything works perfectly. Now, using the same settings in squid.conf, the log shows me that the helpers are crashing too quickly.

My questions are:

1) Do I absolutely need to authenticate first with squid_ldap_auth, or could I leave ntlm_auth at the beginning and use only squid_ldap_group to check the membership in an LDAP group?
2) In the definition of the external ACL I set "%LOGIN", but what does Squid pass to squid_ldap_group?
3) Why do the Squid logs show me the list of options for each squid_ldap_group opened? And why does it show me that the -F and -B options are required if from the command line it works perfectly and they are not requested?

I attach here the part with my configuration and (following) the logs:

squid.conf
#about squid_ldap_group
external_acl_type squid_ldap children=20 %LOGIN c:/squid/libexec/squid_ldap_group.exe -R -v "3" -s "sub" -b "dc=kxxxx,dc=org" -f "(&(objectClass=person)(sAMAccountName=%v)(memberOf=cn=%a,ou=Gruppen,ou=User F\\+E,dc=xx,dc=kxxxx,dc=org))" -d -D "squidadmin" -w "xxxxx" -S -K -h "kxdcrt02.kxxxx.org" -p "3268"

Then the right acl with the group and the setting of the access for those.

From the command line it returns me an OK, but when running Squid the helpers crash (I already tried to push up the number of children but it doesn't help!).

I then tried to make the first authentication with squid_ldap_auth.

auth_param basic program c:/squid/libexec/squid_ldap_auth.exe -R -v "3" -s "sub" -b "dc=kxxxx,dc=org" -f "sAMAccountName=%s" -d -D "squidadmin" -w "xxxxxx" -h "kxdcrt02.kxxxx.org" -p "3268"

But when the login box appears and I give my credentials or others, it simply keeps loading the page and after a while gives me back the login box without showing me the web page.

Here I also put the logs:

squid_ldap_group version 2.17

Usage: squid_ldap_group -b basedn -f filter [options] ldap_server_name

    -b basedn (REQUIRED)         base dn under where to search for groups
    -f filter (REQUIRED)         group search filter pattern. %v = user, %a = group
    -B basedn (REQUIRED)         base dn under where to search for users
    -F filter (REQUIRED)         user search filter pattern. %s = login
    -s base|one|sub              search scope
    -D binddn                    DN to bind as to perform searches
    -w bindpasswd                password for binddn
    -W secretfile                read password for binddn from file secretfile
    -h server                    LDAP server (defaults to localhost)
    -p port                      LDAP server port (defaults to 389)
    -P                           persistent LDAP connection
    -c timeout                   connect timeout
    -t timelimit                 search time limit
    -R                           do not follow referrals
    -a never|always|search|find  when to dereference aliases
    -v 2|3                       LDAP version
    -Z                           TLS encrypt the LDAP connection, requires LDAP version 3
    -g                           first query parameter is base DN extension for this query
    -S                           Strip NT domain from usernames
    -K                           Strip Kerberos realm from usernames

    If you need to bind as a user to perform searches then use the
    -D binddn -w bindpasswd or -D binddn -W secretfile options

2008/08/07 15:38:01| logfileOpen: opening log c:/squid/var/logs/access.log
2008/08/07 15:38:01| Unlinkd pipe opened on FD 308
2008/08/07 15:38:01| Swap maxSize 102400 KB, estimated 7876 objects
2008/08/07 15:38:01| Target number of buckets: 393
2008/08/07 15:38:01| Using 8192 Store buckets
2008/08/07 15:38:01| Max Mem size: 8192 KB
2008/08/07 15:38:01| Max Swap size: 102400 KB
2008/08/07 15:38:01| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2008/08/07 15:38:01| logfileOpen: opening log c:/squid/var/logs/store.log
2008/08/07 15:38:01| Rebuilding storage in c:/squid/var/cache (CLEAN)
2008/08/07 15:38:01| Using Least Load store dir selection
2008/08/07 15:38:01| Set Current Directory to c:/squid/var/cache
2008/08/07 15:38:01| Loaded Icons.
2008/08/07 15:38:01| Accepting accelerated HTTP connections at 172.16.30.18, port 8080, FD 314.
2008/08/07 15:38:01| Accepting HTCP messages on port 4827, FD 315.
2008/08/07 15:38:01| Accepting SNMP messages on port 3401, FD 316.
2008/08/07 15:38:01| Configuring Parent 172.16.30.16/8123/0
2008/08/07 15:38:01| Ready to serve requests.
2008/08/07 15:38:01| Done reading c:/squid/var/cache swaplog (0 entries)
2008/08/07 15:38:01| Finished rebuilding storage from disk.
2008/08/07 15:38:01| 0 Entries scanned
2008/08/07 15:38:01| 0 Invalid entries.
2008/08/07 15:38:01| 0 With invalid flags.
2008/08/07 15:38:01| 0 Objects loaded.
2008/08/07 15:38:01| 0 Objects expired.
2008/08/07 15:38:01| 0 Objects cancelled.
2008/08/07 15:38:01| 0 Duplicate URLs purged.
2008/08/07 15:38:01| 0 Swapfile clashes avoided.
2008/08/07 15:38:01| Took 0.1 seconds ( 0.0 objects/sec).
2008/08/07 15:38:01| Beginning Validation Procedure
2008/08/07 15:38:01| Completed Validation Procedure
2008/08/07 15:38:01| Validated 0 Entries

I would be really happy to have any advice from you.

Thanks in advance
Antonio

Received on Fri Aug 08 2008 - 10:37:17 MDT
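
An added example, not part of the original post and not the helper's own code: a Python sketch of how the -f filter quoted in the message expands for one lookup, using the %v = user and %a = group placeholders and the -S / -K stripping described in the usage text. It assumes the helper is handed one line per lookup with the login and group names as URL-escaped, whitespace-separated tokens; the request lines and the group name "Internet" are constructed.

```python
import re
from urllib.parse import unquote

# Group filter as posted in the squid.conf excerpt (%v = user, %a = group).
FILTER = (r"(&(objectClass=person)(sAMAccountName=%v)"
          r"(memberOf=cn=%a,ou=Gruppen,ou=User F\\+E,dc=xx,dc=kxxxx,dc=org))")

def ldap_escape(value):
    """Escape RFC 4515 filter metacharacters so a login cannot reshape the filter."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\0' else c for c in value)

def normalize_login(login, strip_nt=True, strip_krb=True):
    """Mimic -S (drop a leading NT domain) and -K (drop a trailing Kerberos realm)."""
    if strip_nt:
        for sep in ('\\', '/'):          # DOMAIN\user or DOMAIN/user (assumed forms)
            if sep in login:
                login = login.rsplit(sep, 1)[1]
                break
    if strip_krb and '@' in login:
        login = login.split('@', 1)[0]   # user@REALM -> user
    return login

def build_filters(request_line, template=FILTER, strip_nt=True, strip_krb=True):
    """Return one expanded search filter per group named on the request line."""
    tokens = [unquote(t) for t in request_line.split()]
    if len(tokens) < 2:
        raise ValueError("expected '<login> <group> [<group> ...]'")
    user = ldap_escape(normalize_login(tokens[0], strip_nt, strip_krb))
    filters = []
    for group in tokens[1:]:
        values = {'v': user, 'a': ldap_escape(group)}
        # Single pass, so a '%a' inside the login is never expanded a second time.
        filters.append(re.sub(r'%([va])', lambda m: values[m.group(1)], template))
    return filters

if __name__ == "__main__":
    # Constructed request lines: an NTLM-style login and a Kerberos-style login.
    for line in ("KXXXX%5Cantonio Internet", "antonio@KXXXX.ORG Internet"):
        print(build_filters(line)[0])
```

Running it with `strip_nt=False` shows the filter that results when an NTLM login reaches the search with its domain prefix still attached, which is the case -S exists for.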