Hello Amos,
Thanks for your answer.
My answers are in the body of the message below.
Frank
On 23/04/2016 05:29, "Amos Jeffries (via Internet, depot
squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx)" wrote:
On 23/04/2016 2:40 a.m., FTRIF wrote:
Hello,
I have a problem using /usr/lib/squid3/ext_ldap_group_acl, which appears in
3.3.8.
I have an LDAP attribute called InternetAccess which contains the value
"ACCESSINTER".
I want to make an ACL to authorize such people to surf the net by using an
ldap_group, built with the people who have the value ACCESSINTER in the LDAP
attribute called InternetAccess.
On the command line it works with both Squid 3.1 and 3.3.8; the answer is OK:
/usr/lib/squid3/ext_ldap_group_acl -d -b dc=eq,dc=fr -f "(&(objectclass=person)(InternetAccess=%a)(uid=%u))" myLdapDNSname
fk.tf ACCESSINTER
ext_ldap_group_acl.cc(587): pid=25599 :Connected OK
ext_ldap_group_acl.cc(726): pid=25599 :group filter '(&(objectclass=person)(InternetAccess=ACCESSINTER)(uid=fk.tf))', searchbase 'dc=eq,dc=fr'
OK
Use '%g' macro for group. It will not collide with URL-encoding of
the parameters.
In the squid.conf, I forgot to indicate that I have a line
acl profil_ACCESSINTERNET external ldap_group ACCESSINTER
On the command line I replaced %a by '%g', but it doesn't work only if
I put %g
but in squid.conf I put '%g' instead of %a and I have the same result in
the cache.log
2016/04/25 18:17:25.835| Acl.cc(319) checklistMatches: ACL::checklistMatches: checking 'profil_ACCESSINTERNET'
2016/04/25 18:17:25.835| external_acl.cc(793) aclMatchExternal: acl="ldap_group"
2016/04/25 18:17:25.835| external_acl.cc(822) aclMatchExternal: No helper entry available
2016/04/25 18:17:25.835| external_acl.cc(826) aclMatchExternal: ldap_group check user authenticated.
2016/04/25 18:17:25.835| external_acl.cc(832) aclMatchExternal: ldap_group user is authenticated.
2016/04/25 18:17:25.835| external_acl.cc(856) aclMatchExternal: ldap_group("fk.tf ACCESSINTER") = lookup needed
2016/04/25 18:17:25.835| external_acl.cc(858) aclMatchExternal: "fk.tf ACCESSINTER": entry=@0, age=0
2016/04/25 18:17:25.835| external_acl.cc(861) aclMatchExternal: "fk.tf ACCESSINTER": queueing a call.
2016/04/25 18:17:25.835| external_acl.cc(863) aclMatchExternal: "fk.tf ACCESSINTER": return -1.
2016/04/25 18:17:25.835| Acl.cc(321) checklistMatches: ACL::ChecklistMatches: result for 'profil_ACCESSINTERNET' is -1
2016/04/25 18:17:25.835| Acl.cc(346) matches: profil_ACCESSINTERNET needs async lookup
2016/04/25 18:17:25.835| Acl.cc(354) matches: profil_ACCESSINTERNET result is false
2016/04/25 18:30:36.709| Checklist.cc(275) matchNode: 0x7ffdc7f66fb0 matched=0 async=1 finished=0
2016/04/25 18:30:36.709| Checklist.cc(146) markFinished: 0x7ffdc7f66fb0 answer DUNNO for async required but prohibited
2016/04/25 18:30:36.709| Checklist.cc(308) matchNode: 0x7ffdc7f66fb0 DUNNO because cannot async
2016/04/25 18:30:36.709| FilledChecklist.cc(77) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0x7ffdc7f66fb0
2016/04/25 18:30:36.709| Checklist.cc(334) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0x7ffdc7f66fb0
2016/04/25 18:30:36.709| Checklist.cc(153) preCheck: 0x7ffdc7f66fb0 checking fast rules
2016/04/25 18:30:36.709| Checklist.cc(414) fastCheck: aclCheckFast: list: 0x56353080b548
Do these last lines indicate the followup where the helper responds that you
asked for?
If not, which type of text do I have to search for?
My debug_options: 28,9 82,9 84,9
section 82 External ACL
section 84 Helper process maintenance
section 28 Access Control
But in the squid.conf v3.3.8, I put the line below:
external_acl_type ldap_group ipv4 %LOGIN /usr/lib/squid3/ext_ldap_group_acl -d -b dc=eq,dc=fr -f "(&(objectclass=person)(InternetAccess=%a)(uid=%u))" myLdapDNSname
It doesn't work and in my cache.log I found:
<snip>
779298:2016/04/22 15:56:40.335| external_acl.cc(861) aclMatchExternal: "fk.tf ACCESSINTER": queueing a call.
779299:2016/04/22 15:56:40.335| external_acl.cc(863) aclMatchExternal: "fk.tf ACCESSINTER": return -1.
That is sending the lookup. Now Squid awaits the helper response.
It works in Squid 3.1 with the external ACL called "squid_ldap_group"
instead of "ext_ldap_group_acl".
Perhaps I used something in 3.1 which was a bug corrected in 3.3?
There is no sign of any problem in that log snippet. Can you find the
followup where the helper responds?
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
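
Added example, not part of the original thread and not Squid project code: a small Python filter for a debug-level cache.log like the excerpts above. It rejoins mail-wrapped records and pulls out three message kinds that appear in those excerpts (external ACL lookups queued, ACLs reported as needing an async lookup, and checklists finished with "async required but prohibited"). The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample shaped like the cache.log excerpts in the thread,
# including the mail client's line wrapping; not a real capture.
SAMPLE = '''\
2016/04/25 18:17:25.835| external_acl.cc(856) aclMatchExternal:
ldap_group("fk.tf ACCESSINTER") = lookup needed
2016/04/25 18:17:25.835| external_acl.cc(861) aclMatchExternal: "fk.tf
ACCESSINTER": queueing a call.
2016/04/25 18:17:25.835| Acl.cc(346) matches: profil_ACCESSINTERNET needs async
lookup
2016/04/25 18:30:36.709| Checklist.cc(146) markFinished: 0x7ffdc7f66fb0 answer
DUNNO for async required but prohibited
'''

# Start of a record: optional "grep -n" prefix, timestamp, "|", file(line), message.
STAMP = re.compile(r'^(?:\d+:)?(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+)\| \S+\(\d+\) (.*)$')
PATTERNS = {
    "queued": re.compile(r'aclMatchExternal: "(.+?)": queueing a call\.'),
    "needs_async": re.compile(r'matches: (\S+) needs async lookup'),
    "async_prohibited": re.compile(
        r'markFinished: (\S+) answer \w+ for async required but prohibited'),
}

def unwrap(text):
    """Rejoin records: a line without a leading timestamp continues the previous one."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def summarize(text):
    """Return {kind: [(timestamp, captured value), ...]} for the three patterns."""
    found = {name: [] for name in PATTERNS}
    for record in unwrap(text):
        head = STAMP.match(record)
        if not head:
            continue
        stamp, message = head.groups()
        for name, pattern in PATTERNS.items():
            hit = pattern.search(message)
            if hit:
                found[name].append((stamp, hit.group(1)))
    return found

if __name__ == "__main__":
    for kind, hits in summarize(SAMPLE).items():
        print(kind, hits)
```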