Hi everyone
During configuration of LDAP basic and group authentication methods by
Squid, a came across this error (/var/log/squid3/cache.log):
Code:
WARNING: external ACL 'memberof' queue overload. Request rejected
'administrator InternetAccess'.For basic authentication I use following
piece of code:
Code:
auth_param basic program /usr/lib/squid3/basic_ldap_auth -P -R -u cn -b
"cn=Users,dc=dot,dc=lan" ubuntu.dot.lan
auth_param basic realm ubuntu.dot.lanThe test shows:
Administrator Pa77w0rd
OK.
For LDAP groups I use this:
Code:
external_acl_type memberof %LOGIN
/usr/lib/squid3/ext_ldap_group_acl -P -R -K -b "dc=dot,dc=lan" -f
"(&(cn=%v)(memberOf=cn=%a,cn=Users,dc=dot,dc=lan))" -D
nslcd-service@xxxxxxx -w "Pa77w0rd" -h ubuntu.dot.lan
The test shows:
Administrator InternetAccess
OK
My ACL list has following rules:
Code:
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl LDAP_Auth proxy_auth REQUIRED
acl ClientNet src 192.168.1.135
acl Block_site url_regex -i fb vk youtube
acl InetAccess external memberof InternetAccess
And my Access/deny rules are:
Code:
http_access allow localhost manager
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny Block_site
http_access allow InetAccess
http_access deny !LDAP_Auth
http_access allow ClientNet
http_access deny all
Where is the problem? How to solve it?
Thank you.