[squid-users] Squid Cache: Version 3.5.16 and ext_ldap_group_acl

Amos Jeffries squid3 at treenet.co.nz
Tue Apr 12 08:58:26 UTC 2016

On 12/04/2016 8:36 p.m., Thomas Elsäßer wrote:
> Dear all,
> I call from Shell:
> /usr/local/squid/libexec/ext_ldap_group_acl -d -R -b
> "OU=UMW,DC=a,DC=b,DC=de" -D "XXXXXXX at a.b.DE" -w "XXXXXXX" \
>  -f
> "(&(objectClass=person)(sAMAccountName=%v)(MemberOf=CN=%g,OU=DomLokaleGruppen,OU=Gruppen,OU=Benutzer,OU=Min-PRD,OU=XXX,DC=a,DC=b,DC=de))"
> -h dc.a.b.de
> And i trace the helper process, i can see that squid replace the %v with
> username at a.b.de
> So the helper give an ERR return to squid.
> Where can i this configure , that passed variable is only the username ?

That is the user name/label as provided to Squid by the auth helper. It
depends on whether the particular auth helper(s) you are using allow the
credentials domain to be cropped away.

Since it is using "@" symbol look at the Negotiate auth helper options.


More information about the squid-users mailing list