I started looking at the 'ignore-no-cache' feature and found that it has been
implemented in Squid-2.6. I have tried to migrate the current Squid-2.5STABLE14
to Squid-2.6, but I found a problem with LDAP group identification.
The squid_ldap_group helper is working fine on Squid-2.5, but not on
Squid-2.6. The external_acl_type is configured as:
external_acl_type ldap-group concurrency=6 %LOGIN /opt/oss/squid/libexec/squid_ldap_group -b t=COMPANY -f (&(objectClass=person)(groupMembership=%a)(cn=%v)) -D cn=ldap-auth,o=system -w password -s sub -P -S ldap-1
I added '-d' to squid_ldap_group for more verbose output. From the cache.log file:
Squid-2.5
Connected OK
group filter '(&(objectClass=person)(groupMembership=cn=internet-access,ou=groups,o=qogr)(cn=bob))',
searchbase 't=COMPANY'
Squid-2.6
Connected OK
group filter '(&(objectClass=person)(groupMembership=company\5cbob)(cn=0))',
searchbase 't=COMPANY'
squid_ldap_group WARNING, LDAP search error 'Invalid DN syntax'
From the cache.log files, it can be seen that there is some problem
with 'groupMembership' and 'cn'.
I tried to run ldapsearch and it works fine:
./ldapsearch -L -h ldap-1 -b "t=COMPANY" -s sub -D "cn=ldap-auth,o=system" -w password "(&(objectClass=person)(groupMembership=cn=internet-access,ou=groups,o=system)(cn=bob))"
Is there anything I should change in the squid_ldap_group arguments?
Thanks.
VinylBNE
Received on Tue Sep 26 2006 - 19:07:28 MDT