On 23/04/2016 2:40 a.m., FTRIF wrote: > Hello, > i have a problem using /usr/lib/squid3/ext_ldap_group_acl which appears in > 3.3.8 > > i have a ldap attribut called InternetAccess which contains the value > "ACCESSINTER" > > i want to make an ACL to authorize such people to surf on the net by using a > ldap_group, built with the people who had the value ACCESSINTER in the ldap > attribut called InternetAccess > > in command line it works both with squid 3.1 and 3.3.8, the answer is OK: > > /usr/lib/squid3/ext_ldap_group_acl -d -b dc=eq,dc=fr -f > "(&(objectclass=person)(InternetAccess=%a)(uid=%u))" myLdapDNSname > > fk.tf ACCESSINTER > ext_ldap_group_acl.cc(587): pid=25599 :Connected OK > ext_ldap_group_acl.cc(726): pid=25599 :group filter > '(&(objectclass=person)(InternetAccess=ACCESSINTER)(uid=fk.tf))', searchbase > 'dc=eq,dc=fr' > OK Use '%g' macro for group. It will not to collide with URL-encoding of the parameters. > > but in the squid.conf v3.3.8, i put the line below : > > external_acl_type ldap_group ipv4 %LOGIN /usr/lib/squid3/ext_ldap_group_acl > -d -b dc=eq,dc=fr -f "(&(objectclass=person)(InternetAccess=%a)(uid=%u))" > myLdapDNSname > > it don't work and in my cache.log i found : > <snip> > 779298:2016/04/22 15:56:40.335| external_acl.cc(861) aclMatchExternal: > "fk.tf ACCESSINTER": queueing a call. > 779299:2016/04/22 15:56:40.335| external_acl.cc(863) aclMatchExternal: > "fk.tf ACCESSINTER": return -1. That is sending the lookup. Now Squid awaits the helper response. > > It's work in squid 3.1 with the external acl called "squid_ldap_group" > instead of "ext_ldap_group_acl" > > perhaps i used something in 3.1 which was a bug corrected in 3.3 ? > There is no sign of any problem in that log snippet. Can you find the followup where the helper responds? Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
