[squid-users] change between squid 3.1 and 3.3.8

FTRIF frank.trifiletti at developpement-durable.gouv.fr
Fri Apr 22 14:40:59 UTC 2016 

Hello,
i have a problem using /usr/lib/squid3/ext_ldap_group_acl which appears in
3.3.8

i have a ldap attribut called InternetAccess which contains the value
"ACCESSINTER"

i want to make an ACL to authorize such people to surf on the net by using a
ldap_group, built with the people who had the value ACCESSINTER in the ldap
attribut called InternetAccess

in command line it works both with squid 3.1 and 3.3.8, the answer is OK:

/usr/lib/squid3/ext_ldap_group_acl -d -b dc=eq,dc=fr -f
"(&(objectclass=person)(InternetAccess=%a)(uid=%u))" myLdapDNSname

fk.tf ACCESSINTER
ext_ldap_group_acl.cc(587): pid=25599 :Connected OK
ext_ldap_group_acl.cc(726): pid=25599 :group filter
'(&(objectclass=person)(InternetAccess=ACCESSINTER)(uid=fk.tf))', searchbase
'dc=eq,dc=fr'
OK

but in the squid.conf v3.3.8, i put the line below  :

external_acl_type ldap_group ipv4 %LOGIN /usr/lib/squid3/ext_ldap_group_acl
-d -b dc=eq,dc=fr -f "(&(objectclass=person)(InternetAccess=%a)(uid=%u))"
myLdapDNSname

it don't work and in my cache.log i found :

779292:2016/04/22 15:56:40.335| external_acl.cc(793) aclMatchExternal:
acl="ldap_group"
779293:2016/04/22 15:56:40.335| external_acl.cc(822) aclMatchExternal: No
helper entry available
779294:2016/04/22 15:56:40.335| external_acl.cc(826) aclMatchExternal:
ldap_group check user authenticated.
779295:2016/04/22 15:56:40.335| external_acl.cc(832) aclMatchExternal:
ldap_group user is authenticated.
779296:2016/04/22 15:56:40.335| external_acl.cc(856) aclMatchExternal:
ldap_group("fk.tf ACCESSINTER") = lookup needed
779297:2016/04/22 15:56:40.335| external_acl.cc(858) aclMatchExternal:
"fk.tf ACCESSINTER": entry=@0, age=0
779298:2016/04/22 15:56:40.335| external_acl.cc(861) aclMatchExternal:
"fk.tf ACCESSINTER": queueing a call.
779299:2016/04/22 15:56:40.335| external_acl.cc(863) aclMatchExternal:
"fk.tf ACCESSINTER": return -1.

It's work in squid 3.1 with the external acl called "squid_ldap_group"
instead of "ext_ldap_group_acl"

perhaps i used something in 3.1 which was a bug corrected in 3.3 ?

Thanks for your help







--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/change-between-squid-3-1-and-3-3-8-tp4677229.html
Sent from the Squid - Users mailing list archive at Nabble.com.

More information about the squid-users mailing list