[squid-users] please help me test ext_ldap_group_acl from command line
Amos Jeffries
squid3 at treenet.co.nz
Tue Jul 28 17:56:07 UTC 2015
On 29/07/2015 4:01 a.m., Marko Cupać wrote:
> Hi,
>
> I am testing ext_ldap_group_acl from command line in squid-3.5.6 on
> FreeBSD 10.1-RELEASE-p15 amd64, but I can't make it work with Active
> Directory.
>
> My query is as follows:
> ./ext_ldap_group_acl -d -b "DC=mimar,DC=rs" \
> -f "CN=squid_noaccess" -d ldapbinder at mimar.rs -W "mypass" \
> -h dc1.mimar.rs
>
> After I type user and group name I get:
> pacija squid_noaccess
> ext_ldap_group_acl.cc(579): pid=1550 :Connected OK
> ext_ldap_group_acl.cc(718): pid=1550 :group filter 'CN=squid_noaccess', searchbase 'DC=mimar,DC=rs'
> ext_ldap_group_acl: WARNING: LDAP search error 'Operations error'
> ERR
>
> If I understand well, if user pacija is a member of squid_noaccess
> group, correctly construed query should give me OK. How do I achieve
> this?
Start by typing in the input using external ACL helpers input format.
I assume your squid.conf uses %LOGIN. Which is actually user:password
Notice the colon.
Follow that by running the helper as Squid low-privileged user account.
There's no gain testing that admin account can access things. You want
it working when run by Squid.
Amos
More information about the squid-users
mailing list