The problem is now SOLVED !!! THANKS A LOT ! :D

The issue was that I had to pass the "-S" argument for the squid_ldap_group helper...

Now everything works as it should !

This mailing list is awesome and so is SQUID !

Thanks :)

On Wed, Dec 15, 2010 at 2:06 PM, François Bastien <frabas@xxxxxxxxx> wrote:
> So, in the end I'll be using Amos's settings so I can manage only one group :
>
> http_access allow ldapgroup-unrestricted
> http_access deny work_unrelated !acl_lunchbreak_time
> http_access allow authenticated
> http_access deny all
>
> I'm currently at the next step : debugging.... And I found something
> quite interesting :
>
> aclMatchExternal: ldapgroup("domain%5Cuser unrestricted") = lookup needed
> aclMatchAclList: no match, returning 0
> externalAclLookup: lookup in 'ldapgroup' for 'domain%5Cuser unrestricted'
> externalAclHandleReply: reply="ERR"
>
> So it seems that the username given to the squid_ldap_group helper is
> wrong because of the "%5C".
> Maybe I should strip the domain\ from the username ?
> Using the helper in command line works and returns OK.
>
> At least we have a lead... :)
>
> Any suggestions ?
>
> Thanks again.
>
> François
>
> On Wed, Dec 15, 2010 at 1:16 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
>> On 16/12/10 00:48, François Bastien wrote:
>>>
>>> Hey guys !
>>>
>>> Still no luck.
>>>
>>> I tried implementing Marcio's settings. It still does not work.
>>
>> Next step then is to start debugging why not. Either of those two setups
>> should have worked.
>>
>> Set:
>>   debug_options ALL,1 28,5 29,5 82,5
>>
>> ... and see what is rejecting and why.
>>
>> Amos
>> --
>> Please be using
>>   Current Stable Squid 2.7.STABLE9 or 3.1.9
>>   Beta testers wanted for 3.2.0.3
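
Added illustration, not part of the thread and not Squid's own code: a small Python model of the external ACL exchange seen in the debug output, showing why `domain%5Cuser unrestricted` gets ERR and what stripping the NT domain (the helper's `-S` option) changes. The directory contents, the function name and the `strip_domain` switch are constructed assumptions; a real helper queries LDAP instead of a dict.

```python
from urllib.parse import unquote

# Constructed sample directory: group -> member logins as stored in LDAP
# (bare account names, no NT domain prefix). Not data from the thread.
DIRECTORY = {"unrestricted": {"user"}}


def handle_request(line, strip_domain=False):
    """Answer one request line '<login> <group>...' with 'OK' or 'ERR'."""
    fields = line.split()
    if len(fields) < 2:
        return "ERR"  # malformed request: fail closed
    # Squid sends the login URL-escaped, so '%5C' arrives instead of '\'.
    login = unquote(fields[0])
    if strip_domain:
        # Model of -S: keep what follows the last backslash, unless that
        # would leave an empty account name.
        _, sep, account = login.rpartition("\\")
        if sep and account:
            login = account
    groups = [unquote(g) for g in fields[1:]]
    # Membership is checked against the normalized login only.
    member = any(login in DIRECTORY.get(g, ()) for g in groups)
    return "OK" if member else "ERR"


if __name__ == "__main__":
    logged = "domain%5Cuser unrestricted"  # request line from the debug log
    print("without stripping:", handle_request(logged))
    print("with stripping:   ", handle_request(logged, strip_domain=True))
    # A bare login, as one might type when testing the helper by hand
    # (assumption), matches either way.
    print("bare login:       ", handle_request("user unrestricted"))
```
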