Search squid archive

ext_ldap_group_acl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello.

 

I’m setting up squid on a CentOS 8 server.

Authentication against active directory works well with basic_ldap_auth, but I fail when trying to check that a user belongs to a group.

It seems to me that for ext_ldap_group_acl it’s enough that both the user and the group exist and it returns OK. It returns ERR when it cannot find the group or the user.

 

To make it more clear, here are the queries and results I get.

user1.test exists and is a member of group My_Group

user2.test exists and is NOT a member of group My_Group

Group asdf does NOT exist

 

So, I expect that when asking for

-          user1.test My_Group >> OK

-          user2.test My_Group >> ERR

But I get:

-          user1.test My_Group >> OK

-          user2.test My_Group >> OK

 

Here it is:

 

# /usr/lib64/squid/ext_ldap_group_acl -d -R -b "dc=my,dc=domain" -D "squid@my.domain" -W /etc/squid/ldappass.txt -F "(sAMAccountName=%s)" -f "(memberof=CN=%g,DC=my,DC=domain)" -h sv-102-dc.my.domain

user1.test asdf

ext_ldap_group_acl.cc(589): pid=194302 :Connected OK

ext_ldap_group_acl.cc(772): pid=194302 :user filter '(sAMAccountName=user1.test)', searchbase 'dc=my,dc=domain'

ext_ldap_group_acl.cc(736): pid=194302 :group filter '(memberof=CN=asdf,DC=my,DC=domain)', searchbase 'dc=my,dc=domain'

ERR

user1.test My_Group

ext_ldap_group_acl.cc(589): pid=194302 :Connected OK

ext_ldap_group_acl.cc(772): pid=194302 :user filter '(sAMAccountName=user1.test)', searchbase 'dc=my,dc=domain'

ext_ldap_group_acl.cc(736): pid=194302 :group filter '(memberof=CN=My_Group, DC=my,DC=domain)', searchbase 'dc=my,DC=domain'

OK

user2.test My_Group

ext_ldap_group_acl.cc(589): pid=194302 :Connected OK

ext_ldap_group_acl.cc(772): pid=194302 :user filter '(sAMAccountName=user2.test)', searchbase 'dc=my,dc=domain'

ext_ldap_group_acl.cc(736): pid=194302 :group filter '(memberof=CN=My_Group, DC=my,DC=domain)', searchbase 'dc=my,DC=domain'

OK

 

My env:

# uname -rms

Linux 4.18.0-193.14.2.el8_2.x86_64 x86_64

# rpm -qa | grep squid

squid-4.4-8.module_el8.2.0+319+d18e041f.1.x86_64

 

Could any kind soul help me out?

 

Thank you and best regards.

Robi

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux