I started looking 'ignore-no-cache' feature and found that it has been implemented in Squid-2.6. I have tried to migrate current Squid-2.5STABLE14 to Squid-2.6, but I found a problem with LDAP Group identification. The squid_ldap_group is working fine on Squid-2.5, but not on Squid-2.6. The external_acl_type is configured as: external_acl_type ldap-group concurrency=6 %LOGIN /opt/oss/squid/libexec/squid _ldap_group -b t=COMPANY -f (&(objectClass=person)(groupMembership=%a)(cn=%v)) -D cn=ldap-auth,o=system -w password -s sub -P -S ldap-1 I put '-d' into squid_ldap_group for more verbose, from cache.log file: Squid-2.5 Connected OK group filter '(&(objectClass=person)(groupMembership=cn=internet-access,ou=groups,o=qogr)(cn=bob))', searchbase 't=COMPANY' Squid-2.6 Connected OK group filter '(&(objectClass=person)(groupMembership=company\5cbob)(cn=0))', searchbase 't=COMPANY' squid_ldap_group WARNING, LDAP search error 'Invalid DN syntax'
From the cache.log files, it can be noticed there is some problem
with 'groupMembership' and 'cn'. I tried to run ldapsearch and it works fine ./ldapsearch -L -h ldap-1 -b "t=COMPANY" -s sub -D "cn=ldap-auth,o=system" -w password "(&(objectClass=person)(groupMembership=cn=internet-access,ou=groups,o=system)(cn=bob))" I tried to run ldapsearch and it works fine. Is there anything I should change in squid_ldap_group arguments? Thanks. VinylBNE
