squid_ldap_group issue.


 



Hi,


I'm running squid (Squid Cache version 2.5.STABLE10-NT) on a Windows 2003 server. I'm having trouble with the authentication helper program starting properly.
From the command line I can run squid_ldap_group.exe against Active Directory and receive ERR for bad input, and OK for good input, for example:



>C:\squid\libexec\squid_ldap_group.exe -b DC=MyCompany,DC=com -D CN=adquery,OU=MySite,DC=MyCompany,DC=com -w adqpassword -f &(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=users,dc=MyCompany,dc=com)) adserver.mycompany.com
>validUserName badGroup
>ERR
>validUserName ProxyAllowed
>OK




When I copy that working line into the squid.config file as below:


>external_acl_type ldap_group %LOGIN C:\squid\libexec\squid_ldap_group.exe -b DC=MyCompany,DC=com -D CN=adquery,OU=MySite,DC=MyCompany,DC=com -w adpassword -f &(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=users,dc=MyCompany,dc=com)) adserver.mycompany.com

>acl Proxy_Allowed external ldap_group ProxyAllowed
>http_access allow Proxy_Allowed



I see this in my cache.log
--------------------------------------------------------------------------------------------------
2005/09/07 17:30:12| helperOpenServers: Starting 5 'C:\squid\libexec\squid_ldap_group.exe' processes

squid_ldap_group version 2.17-2.5

Usage: squid_ldap_group -b basedn -f filter [options] ldap_server_name

	-b basedn (REQUIRED)	base dn under where to search for groups
	-f filter (REQUIRED)	group search filter pattern. %v = user,
				%a = group
	-B basedn (REQUIRED)	base dn under where to search for users
	-F filter (REQUIRED)	user search filter pattern. %s = login
	-s base|one|sub		search scope
	-D binddn		DN to bind as to perform searches
	-w bindpasswd		password for binddn
	-W secretfile		read password for binddn from file secretfile
	-h server		LDAP server (defaults to localhost)
	-p port			LDAP server port (defaults to 389)
	-P			persistent LDAP connection
	-c timeout		connect timeout
	-t timelimit		search time limit
	-R			do not follow referrals
	-a never|always|search|find
				when to dereference aliases
	-v 2|3			LDAP version
	-Z			TLS encrypt the LDAP connection, requires
				LDAP version 3
	-g			first query parameter is base DN extension
				for this query
	-S			Strip NT domain from usernames

	If you need to bind as a user to perform searches then use the
	-D binddn -w bindpasswd or -D binddn -W secretfile options


squid_ldap_group version 2.17-2.5

...same as above 4 more times...
----------------------------------------------------------------------------------------------------

So far I've tried the squid.config file in DOS format as well as UNIX format, and I've tried numerous combinations of " and ' around the squid_ldap_group.exe and its parameters.
So far all have the same result; it's like no switches are being passed to squid_ldap_group.exe.

Any suggestions would be greatly appreciated. Thanks in advance for your time.

Todd






