On Thu, 10 Mar 2011 13:29:20 +1300, Clint Dilks wrote:
Hi Everyone
I am encountering an issue with this module which I don't understand.
Stage 1
<snip working manual>
So I add the following to my squid.conf file
external_acl_type ldap_group %LOGIN /usr/lib64/squid/squid_ldap_group
-d -b
"ou=People,dc=cms,dc=waikato,dc=ac,dc=nz" -f
'(&(uid=%u)(memberof=cn=%g,ou=groups,ou=people,dc=cms,dc=waikato,dc=ac,dc=nz))'
localhost
acl mysql external ldap_group mysql
And edit the access rule to become
http_access allow ldapauth mysql
Squid parse and loads the configuration. If I attempt to
authenticate as
the valid user clintd, but with an incorrect password I am prompted
to
re-enter the password. If I supply valid auth information for the
user
clintd. I get a page saying squid is denying my request. Why is
this ?? I
could understand if Im passing an invalid command line to
squid_ldap_group
but testing it manually seems to work correctly.
As this is a non-production squid configuration at present I have
removed
all other acls and etc that may have been interfering but still see
the same
behavior. Does anyone have an idea what I am doing wrong or
suggestions as
to how I trouble shoot this further.
I see you still have the -d option set in squid.conf. So cache.log
should show the same traces as the manual test did. Is this showing
anything?
The most common reason for this type of behaviour is user account
permissions (squid's versus the manual testers).
Amos Jeffries
PS. I'm on your campus and have an hour free from 3.30pm if you want me
to drop by today and help dredge the logs.
