[squid-users] Squid and AD Group (ext_ldap_group_acl)
Olivier CALVANO
o.calvano at gmail.com
Sun Feb 7 08:39:46 UTC 2016
Hi
i have a problems with AD Group, i use this config:
external_acl_type AD_Group children-startup=5 children-max=100
concurrency=80 ttl=1800 negative_ttl=900 %LOGIN
/usr/lib64/squid/ext_ldap_group_acl -d -S -K -R -b DC=mydomain,DC=fr -D
cn=UserAdmin,ou=vpn,dc=mydomain,dc=fr -w "Pa77word" -f
(&(objectclass=person)
(sAMAccountName=%v)(memberof=CN=%g,OU=Admin,DC=mydomain,DC=fr)) -h
192.168.10.1
acl Group_Allowed external AD_Group Internet-Access
http_access allow Group_Allowed
http_access deny !Group_Allowed
When i want use the proxy, squid request all time the Login/pass
if i change config:
http_access allow Group_Allowed
http_access deny !Group_Allowed
in
#http_access allow Group_Allowed
#http_access deny !Group_Allowed
access is Ok but he don't use AD Group :<.
In commande ligne that's work:
/usr/lib64/squid/ext_ldap_group_acl -d -S -K -R -b DC=mydomain,DC=fr -D
cn=UserAdmin,ou=vpn,dc=mydomain,dc=fr -w "Pa77word" -f
"(&(objectclass=person)(sAMAccountName=%v)(memberof=CN=%g,OU=Admin,DC=mydomain,DC=fr))"
-h 192.168.10.1
UserTest Internet-Access
OK
In cache.log, i have only:
xt_ldap_group_acl.cc(587): pid=9767 :Connected OK
ext_ldap_group_acl.cc(726): pid=9767 :group filter
'(&(objectclass=person)(sAMAccountName=0)(memberof=CN=UserTest,OU=Admin,DC=mydomain,DC=fr))',
searchbase 'DC=mydomain,DC=fr'
ext_ldap_group_acl.cc(726): pid=9767 :group filter
'(&(objectclass=person)(sAMAccountName=0)(memberof=CN=Internet-Access,OU=Admin,DC=mydomain,DC=fr))',
searchbase 'DC=mydomain,DC=fr'
anyone have this type of problems ?
thanks
Olivier
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160207/f693c966/attachment.html>
More information about the squid-users
mailing list