On 29/07/2015 5:56 a.m., Amos Jeffries wrote:
> On 29/07/2015 4:01 a.m., Marko Cupać wrote:
>> Hi,
>>
>> I am testing ext_ldap_group_acl from command line in squid-3.5.6 on
>> FreeBSD 10.1-RELEASE-p15 amd64, but I can't make it work with Active
>> Directory.
>>
>> My query is as follows:
>> ./ext_ldap_group_acl -d -b "DC=mimar,DC=rs" \
>> -f "CN=squid_noaccess" -d ldapbinder@xxxxxxxx -W "mypass" \
>> -h dc1.mimar.rs
>>
>> After I type user and group name I get:
>> pacija squid_noaccess
>> ext_ldap_group_acl.cc(579): pid=1550 :Connected OK
>> ext_ldap_group_acl.cc(718): pid=1550 :group filter 'CN=squid_noaccess', searchbase 'DC=mimar,DC=rs'
>> ext_ldap_group_acl: WARNING: LDAP search error 'Operations error'
>> ERR
>>
>> If I understand well, if user pacija is a member of squid_noaccess
>> group, correctly construed query should give me OK. How do I achieve
>> this?
>
> Start by typing in the input using external ACL helpers input format.
> I assume your squid.conf uses %LOGIN. Which is actually user:password
>
> Notice the colon.

Oops. Sorry, looked in the wrong formatter. It is just username like you
had. But no group name unless the group is explicitly named in the
'acl ... external ...' line parameters.

This bit still applies though:

>
> Follow that by running the helper as Squid low-privileged user account.
> There's no gain testing that admin account can access things. You want
> it working when run by Squid.

And maybe alter the -f parameter value to tell it where to find the %u
(username).

Amos
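
Added example, not part of the original thread and not Squid's own code: a small Python model of the %u substitution mentioned in the reply, showing that the filter 'CN=squid_noaccess' never references the user name, and that substituted values need RFC 4515 escaping. Assumptions: %g is treated as the group-name placeholder, and the second filter template (sAMAccountName/memberOf under example.com) is a constructed sample, not the poster's directory layout.

```python
# Added example: models %u / %g expansion in an LDAP group filter template.
# Not Squid's source; the helper's real implementation may differ.

# RFC 4515 escapes for characters that are special inside a search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Filter from the thread, and a constructed template that uses placeholders.
ORIGINAL = "CN=squid_noaccess"
CONSTRUCTED = "(&(sAMAccountName=%u)(memberOf=CN=%g,OU=Groups,DC=example,DC=com))"


def escape_filter_value(value):
    """Escape a value so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template, user, group):
    """Replace %u with the escaped user name and %g with the escaped group."""
    out = []
    i = 0
    while i < len(template):
        ch = template[i]
        if ch == "%" and i + 1 < len(template) and template[i + 1] in "ug":
            value = user if template[i + 1] == "u" else group
            out.append(escape_filter_value(value))
            i += 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def references_user(template):
    """True if the template has a %u placeholder, i.e. the search depends on the user."""
    return "%u" in template


if __name__ == "__main__":
    for template in (ORIGINAL, CONSTRUCTED):
        expanded = expand_filter(template, "pacija", "squid_noaccess")
        print(f"user-bound={references_user(template)!s:5}  {expanded}")
```
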