Search squid archive

Re: squid_ldap_auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi, Henrik.

Henrik Nordstrom wrote:
2) the RFC rfc2254 defined the excaping of the characeters. it doesnt say that spaces need to be escaped, but, since squid_ldap_group doesn't accept neither quotes nor doublequotes, I tried to use RFC2254 escaping when using squid_ldap_group from shell.

See the external_acl_type directive for a description of the format used
between Squid and the helper..

        If protocol=3.0 (the default) then URL escaping is used to protect
        each value in both requests and responses.

        If using protocol=2.5 then all values need to be enclosed in quotes
        if they may contain whitespace, or the whitespace escaped using \.
        And quotes or \ characters within the keyword value must be \ escaped.

Usernames with spaces in them should work fine in your Squid.

To test manually from the command line you need to properly escape the
input to the helper. As you are using Squid-2.6 the input should be
URL-escaped using %20 as space.


Thanks for the explanation of the ttl parameter, now it works fine.

But I still have the same problem with spaces.

So, I have the

acl ad-internet-users external ldap_group Internet Users - Proxy1

line in config. And helper uses the protocol 3.0. When it looks as above squid thinks that this is the list of groups, and parses them sequentually one after one.
With the look like this

acl ad-internet-users external ldap_group Internet%20Users%20-%20Proxy1

(which works fine from the commandline test) it looks like those symbols are passed to helper in some escaped way, because they appear in helper's debug log :(.

So when launched from shell I get (manually inserting Internet%20Users%20-%20Proxy1):

%./squid_ldap_group -d -b cn=Users,dc=domain,dc=local-f "(&(cn=%g)(member=%u)(objectClass=group))" -F "sAMAccountname=%s"
-D cn=dca,cn=Users,dc=domain,dc=local -w somepass -h 192.168.3.6 -v 3 -p 389
emz Internet%20Users%20-%20Proxy1
Connected OK
user filter 'sAMAccountname=emz', searchbase 'cn=Users,dc=domain,dc=local'
group filter '(&(cn=Internet Users - Proxy1)(member=CN=Some User,CN=Users,DC=domain,DC=local)(objectCla
ss=group))', searchbase 'cn=Users,dc=domain,dc=local'
OK

(all is fine)

When used in squid config (from the last example above) I see those lines in cache.log:

Connected OK
user filter 'sAMAccountname=emz', searchbase 'cn=Users,dc=domain,dc=local'
group filter '(&(cn=Internet%20Users%20-%20Proxy1)(member=CN=Some User,CN=Users,DC=domain,DC=local)
(objectClass=group))', searchbase 'cn=Users,dc=domain,dc=local'

and I suppose this confuses helper, as squid doesn't allow this user to get his requested web-page.

I also tried to use 'protocol=2.5' parameter as the helper argument in squid config (edited the config, stopped squid, started squid again).
I get the following results with it:

Internet\ Users\ -\ Proxy1 - '\' escaped as \5c, space trimmed
"Internet Users - Proxy1" - I get 'strToFile Internet not found' message
'Internet Users - Proxy1' - I get the same message.
Internet Users - Proxy1 - not tried, because its clear that squid will think that its a list.

So I still don't understand how to uses spaces. Forgive me my possible dumbness, but can you give me any further advices ?


Thanks. Eugene.

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux