Re: [squid-users] squid_ldap_group : need help for setting up time and group restriction ACLs...

From: François Bastien <frabas_at_gmail.com>
Date: Wed, 15 Dec 2010 14:19:42 +0100

The problem is now SOLVED !!!

THANKS A LOT ! :D

The issue was that i had to pass the "-S" argument for the
squid_ldap_group helper... Now everything works as it should !

This mailing list is awesome and so is SQUID !

Thanks :)

On Wed, Dec 15, 2010 at 2:06 PM, François Bastien <frabas_at_gmail.com> wrote:
> So, in the end i'll be using Amos settings so i can manage only one group :
>
> http_access allow ldapgroup-unrestricted
> http_access deny work_unrelated !acl_lunchbreak_time
> http_access allow authenticated
> http_access deny all
>
> I'm currently at the next step : debugging.... And i found something
> quite interesting :
>
> aclMatchExternal: ldapgroup("domain%5Cuser unrestricted") = lookup needed
> aclMatchAclList: no match, returning 0
> externalAclLookup: lookup in 'ldapgroup' for 'domain%5Cuser unrestricted'
> externalAclHandleReply: reply="ERR"
>
> So it seems that the username given to the squid_ldap_group helper is
> wrong because of the "%5C".
> Maybe i should strip the domain\ from the username ?
> Using the helper in command line works and returns OK.
>
> At least we have a lead... :)
>
> Any suggestions ?
>
> Thanks again.
>
> François
>
> On Wed, Dec 15, 2010 at 1:16 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>> On 16/12/10 00:48, François Bastien wrote:
>>>
>>> Hey guys !
>>>
>>> Still no luck.
>>>
>>> I tried implementing Marcio's settings. It still does not work.
>>
>> Next step then is to start debugging why not. Either of those two setups
>> should have worked.
>>
>> Set:
>>  debug_options ALL,1 28,5 29,5 82,5
>>
>> ... and see what is rejecting and why.
>>
>> Amos
>> --
>> Please be using
>>  Current Stable Squid 2.7.STABLE9 or 3.1.9
>>  Beta testers wanted for 3.2.0.3
>>
>
Received on Wed Dec 15 2010 - 13:19:44 MST

This archive was generated by hypermail 2.2.0 : Wed Dec 15 2010 - 12:00:03 MST