Amos
Just done some early testing of 3.2.0.5 over the last few days and am having some trouble with LDAP acls. Haven't fully concluded my testing but have found when doing multiple LDAP lookups that the behaviour has changed from my working 3.1.3 release.
Relevant configuration below. What I have determined is that it works for the first and second " acl InetAccess_x external InetGroup Internet_Access_x", ie where user is in either of the first 2 LDAP groups checked but not any of the subsequent ones. This config works fine at 3.1.3
Still more testing/proving to do but thought I would give an early heads up.
Regards
Steve
auth_param basic program /usr/acme001/Squid/libexec/basic_ldap_auth -b "O=COMPANY" -f uid=%s -c 2 -t 2 -v 3 -h 10.xxx.xxx.xxx,10.xxx.xxx.xxx
auth_param basic realm acme001 Internet Access - Level 0 Support Testing Only
external_acl_type InetGroup %LOGIN /usr/acme001/Squid/libexec/ext_ldap_group_acl -b "" -f "(&(cn=%g)(objectClass=groupOfNames)(member=%u))" -B "" -F "(&(uid=%s)(objectClass=Person))" -c 2 -t 2 -v 3 -h 10.xxx.xxx.xxx,10.xxx.xxx.xxx
acl localnet proxy_auth REQUIRED src 10.0.0.0/8
acl InetAccess_A external InetGroup Internet_Access_A
acl InetAccess_B external InetGroup Internet_Access_B
acl InetAccess_C external InetGroup Internet_Access_C
acl InetAccess_D external InetGroup Internet_Access_D
acl InetAccess_E external InetGroup Internet_Access_E
acl InetAccess_F external InetGroup Internet_Access_F
acl InetAccess_G external InetGroup Internet_Access_G
acl InetAccess_H external InetGroup Internet_Access_H
acl InetAccess_I external InetGroup Internet_Access_I
acl InetAccess_J external InetGroup Internet_Access_J
acl InetAccess_K external InetGroup Internet_Access_K
acl InetAccess_L external InetGroup Internet_Access_L
acl InetAccess_M external InetGroup Internet_Access_M
acl InetAccess_N external InetGroup Internet_Access_N
acl InetAccess_O external InetGroup Internet_Access_O
acl InetAccess_P external InetGroup Internet_Access_P
acl InetAccess_Q external InetGroup Internet_Access_Q
acl InetAccess_R external InetGroup Internet_Access_R
acl InetAccess_S external InetGroup Internet_Access_S
acl InetAccess_T external InetGroup Internet_Access_T
acl InetAccess_U external InetGroup Internet_Access_U
acl InetAccess_V external InetGroup Internet_Access_V
acl InetAccess_W external InetGroup Internet_Access_W
acl InetAccess_X external InetGroup Internet_Access_X
acl InetAccess_Y external InetGroup Internet_Access_Y
acl InetAccess_Z external InetGroup Internet_Access_Z
http_access allow InetAccess_A
http_access allow InetAccess_B
http_access allow InetAccess_C
http_access allow InetAccess_D
http_access allow InetAccess_E
http_access allow InetAccess_F
http_access allow InetAccess_G
http_access allow InetAccess_H
http_access allow InetAccess_I
http_access allow InetAccess_J
http_access allow InetAccess_K
http_access allow InetAccess_L
http_access allow InetAccess_M
http_access allow InetAccess_N
http_access allow InetAccess_O
http_access allow InetAccess_P
http_access allow InetAccess_Q
http_access allow InetAccess_R
http_access allow InetAccess_S
http_access allow InetAccess_T
http_access allow InetAccess_U
http_access allow InetAccess_V
http_access allow InetAccess_W
http_access allow InetAccess_X
http_access allow InetAccess_Y
http_access allow InetAccess_Z
-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: 28 February 2011 02:35
To: squid-dev_at_squid-cache.org
Subject: 3.2 release checkup
The long-term plan I have was hoping to release 3.2 stable next weekend (yeah right!).
These are the issues I know if still holding us at step 3 (beta) on the release checklist:
(http://wiki.squid-cache.org/ReleaseProcess)
* auth crashes in Negotiate and NTLM - Amos.
* IPv6 split-stack incomplete (multiple OS require this) - Amos.
* StringNG upgrade merged - Kinkie, Alex ?
* SMP cache/store support (RockStore) - Alex
* 8 bugs major or higher outstanding from 3.0 stable
* 26 bugs major or higher outstanding from 3.1 stable
(several will be resolved by the above work)
Could I get an estimate of how much longer these are likely to take please?
Also, if there are other issues you see not mentioned, please let me know or ensure the bug about it is marked an appropriate level of severity.
Additional important issues with less urgency:
* Windows support - Amos, Kinkie, Guido ?
* stale-while-revalidate
** requires async revalidation, which is blocked by store changes
Amos
Received on Tue Mar 01 2011 - 22:27:36 MST
This archive was generated by hypermail 2.2.0 : Wed Mar 02 2011 - 12:00:03 MST