[squid-users] change between squid 3.1 and 3.3.8
Amos Jeffries
squid3 at treenet.co.nz
Sat Apr 23 03:29:25 UTC 2016
On 23/04/2016 2:40 a.m., FTRIF wrote:
> Hello,
> i have a problem using /usr/lib/squid3/ext_ldap_group_acl which appears in
> 3.3.8
>
> i have a ldap attribut called InternetAccess which contains the value
> "ACCESSINTER"
>
> i want to make an ACL to authorize such people to surf on the net by using a
> ldap_group, built with the people who had the value ACCESSINTER in the ldap
> attribut called InternetAccess
>
> in command line it works both with squid 3.1 and 3.3.8, the answer is OK:
>
> /usr/lib/squid3/ext_ldap_group_acl -d -b dc=eq,dc=fr -f
> "(&(objectclass=person)(InternetAccess=%a)(uid=%u))" myLdapDNSname
>
> fk.tf ACCESSINTER
> ext_ldap_group_acl.cc(587): pid=25599 :Connected OK
> ext_ldap_group_acl.cc(726): pid=25599 :group filter
> '(&(objectclass=person)(InternetAccess=ACCESSINTER)(uid=fk.tf))', searchbase
> 'dc=eq,dc=fr'
> OK
Use '%g' macro for group. It will not to collide with URL-encoding of
the parameters.
>
> but in the squid.conf v3.3.8, i put the line below :
>
> external_acl_type ldap_group ipv4 %LOGIN /usr/lib/squid3/ext_ldap_group_acl
> -d -b dc=eq,dc=fr -f "(&(objectclass=person)(InternetAccess=%a)(uid=%u))"
> myLdapDNSname
>
> it don't work and in my cache.log i found :
>
<snip>
> 779298:2016/04/22 15:56:40.335| external_acl.cc(861) aclMatchExternal:
> "fk.tf ACCESSINTER": queueing a call.
> 779299:2016/04/22 15:56:40.335| external_acl.cc(863) aclMatchExternal:
> "fk.tf ACCESSINTER": return -1.
That is sending the lookup. Now Squid awaits the helper response.
>
> It's work in squid 3.1 with the external acl called "squid_ldap_group"
> instead of "ext_ldap_group_acl"
>
> perhaps i used something in 3.1 which was a bug corrected in 3.3 ?
>
There is no sign of any problem in that log snippet. Can you find the
followup where the helper responds?
Amos
More information about the squid-users
mailing list