Squid and AD Group (ext_ldap_group_acl)

Olivier CALVANO <o.calvano@xxxxxxxxx> · Sun, 7 Feb 2016 09:39:46 +0100

Hi

i have a problems with AD Group, i use this config:

external_acl_type AD_Group children-startup=5 children-max=100 concurrency=80 ttl=1800 negative_ttl=900 %LOGIN /usr/lib64/squid/ext_ldap_group_acl -d -S -K -R -b DC=mydomain,DC=fr -D cn=UserAdmin,ou=vpn,dc=mydomain,dc=fr -w "Pa77word" -f (&(objectclass=person) (sAMAccountName=%v)(memberof=CN=%g,OU=Admin,DC=mydomain,DC=fr)) -h 192.168.10.1

acl Group_Allowed external AD_Group Internet-Access
http_access allow Group_Allowed
http_access deny !Group_Allowed

When i want use the proxy, squid request all time the Login/pass

if i change config:

http_access allow Group_Allowed
http_access deny !Group_Allowed
in
#http_access allow Group_Allowed
#http_access deny !Group_Allowed

access is Ok but he don't use AD Group :<.

In commande ligne that's work:

/usr/lib64/squid/ext_ldap_group_acl -d -S -K -R -b DC=mydomain,DC=fr -D cn=UserAdmin,ou=vpn,dc=mydomain,dc=fr -w "Pa77word" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=CN=%g,OU=Admin,DC=mydomain,DC=fr))" -h 192.168.10.1
UserTest Internet-Access
OK

In cache.log, i have only:

xt_ldap_group_acl.cc(587): pid=9767 :Connected OK
ext_ldap_group_acl.cc(726): pid=9767 :group filter '(&(objectclass=person)(sAMAccountName=0)(memberof=CN=UserTest,OU=Admin,DC=mydomain,DC=fr))', searchbase 'DC=mydomain,DC=fr'
ext_ldap_group_acl.cc(726): pid=9767 :group filter '(&(objectclass=person)(sAMAccountName=0)(memberof=CN=Internet-Access,OU=Admin,DC=mydomain,DC=fr))', searchbase 'DC=mydomain,DC=fr'

anyone have this type of problems ?

thanks
Olivier

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users