[squid-users] Squid and AD Group (ext_ldap_group_acl)

Olivier CALVANO o.calvano at gmail.com
Sun Feb 7 08:39:46 UTC 2016


Hi

I have a problem with AD Group. I use this config:


external_acl_type AD_Group children-startup=5 children-max=100
concurrency=80 ttl=1800 negative_ttl=900 %LOGIN
/usr/lib64/squid/ext_ldap_group_acl -d -S -K -R -b DC=mydomain,DC=fr -D
cn=UserAdmin,ou=vpn,dc=mydomain,dc=fr -w "Pa77word" -f
(&(objectclass=person)
(sAMAccountName=%v)(memberof=CN=%g,OU=Admin,DC=mydomain,DC=fr)) -h
192.168.10.1


acl Group_Allowed external AD_Group Internet-Access
http_access allow Group_Allowed
http_access deny !Group_Allowed


When I want to use the proxy, Squid requests the Login/pass all the time.

If I change the config:

http_access allow Group_Allowed
http_access deny !Group_Allowed
to
#http_access allow Group_Allowed
#http_access deny !Group_Allowed

access is OK but it doesn't use the AD Group :<.


On the command line, it works:


/usr/lib64/squid/ext_ldap_group_acl -d -S -K -R -b DC=mydomain,DC=fr -D
cn=UserAdmin,ou=vpn,dc=mydomain,dc=fr -w "Pa77word" -f
"(&(objectclass=person)(sAMAccountName=%v)(memberof=CN=%g,OU=Admin,DC=mydomain,DC=fr))"
-h 192.168.10.1
UserTest Internet-Access
OK

In cache.log, I have only:

ext_ldap_group_acl.cc(587): pid=9767 :Connected OK
ext_ldap_group_acl.cc(726): pid=9767 :group filter
'(&(objectclass=person)(sAMAccountName=0)(memberof=CN=UserTest,OU=Admin,DC=mydomain,DC=fr))',
searchbase 'DC=mydomain,DC=fr'
ext_ldap_group_acl.cc(726): pid=9767 :group filter
'(&(objectclass=person)(sAMAccountName=0)(memberof=CN=Internet-Access,OU=Admin,DC=mydomain,DC=fr))',
searchbase 'DC=mydomain,DC=fr'


Has anyone had this type of problem?

Thanks
Olivier
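
Added example, not part of the original post: a small check that pulls the %v (user) and %g (group) values out of the helper's "group filter" debug lines and compares them with what the manual test typed (`UserTest Internet-Access`). The function names are hypothetical and the sample log is the post's cache.log excerpt with the wrapped lines rejoined.

```python
import re

# Filter template from the post's external_acl_type line (%v = user, %g = group).
TEMPLATE = ("(&(objectclass=person)(sAMAccountName=%v)"
            "(memberof=CN=%g,OU=Admin,DC=mydomain,DC=fr))")

# The two "group filter" entries from the post's cache.log, unwrapped.
SAMPLE_LOG = (
    "ext_ldap_group_acl.cc(726): pid=9767 :group filter "
    "'(&(objectclass=person)(sAMAccountName=0)"
    "(memberof=CN=UserTest,OU=Admin,DC=mydomain,DC=fr))', "
    "searchbase 'DC=mydomain,DC=fr'\n"
    "ext_ldap_group_acl.cc(726): pid=9767 :group filter "
    "'(&(objectclass=person)(sAMAccountName=0)"
    "(memberof=CN=Internet-Access,OU=Admin,DC=mydomain,DC=fr))', "
    "searchbase 'DC=mydomain,DC=fr'\n"
)

def template_regex(template):
    """Turn the -f filter template into a regex capturing %v and %g."""
    slots = {"%v": r"(?P<user>[^)]*)", "%g": r"(?P<group>[^,)]*)"}
    parts = re.split(r"(%v|%g)", template)
    return re.compile("".join(slots.get(p, re.escape(p)) for p in parts))

def parse_filters(log_text, template):
    """Return the (user, group) pair of every expanded filter in the log."""
    rx = template_regex(template)
    return [(m.group("user"), m.group("group")) for m in rx.finditer(log_text)]

def diagnose(pairs, sent_user, sent_groups):
    """Compare logged lookups with the login and ACL groups Squid should send."""
    users = {u for u, _ in pairs}
    groups = [g for _, g in pairs]
    expected = list(sent_groups)
    shifted = [sent_user] + expected
    # The helper may stop at the first matching group, so accept a prefix.
    if groups and users == {sent_user} and groups == expected[:len(groups)]:
        return "ok"
    # An extra leading token pushes the login into the first group slot.
    if groups and len(users) == 1 and groups == shifted[:len(groups)]:
        return "shifted: %r searched as user, login %r searched as a group" % (
            next(iter(users)), sent_user)
    return "mismatch"

if __name__ == "__main__":
    found = parse_filters(SAMPLE_LOG, TEMPLATE)
    print(found)
    print(diagnose(found, "UserTest", ["Internet-Access"]))
```

On the post's log this reports a shift: `0` was searched as the user and the login `UserTest` as a group, so the helper read one more leading token than the manual test supplied. Squid prefixes helper requests with a numeric channel ID when `concurrency=` is non-zero, so that option in the posted `external_acl_type` line is the first thing to check.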