Re: [squid-users] Problem with squid_ldap_group

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 10 Mar 2011 14:28:25 +1300

 On Thu, 10 Mar 2011 13:29:20 +1300, Clint Dilks wrote:
> Hi Everyone
>
> I am encountering an issue with this module which I don't understand.
>
> Stage 1
>
 <snip working manual>
>
> So I add the following to my squid.conf file
>
> external_acl_type ldap_group %LOGIN /usr/lib64/squid/squid_ldap_group -d -b "ou=People,dc=cms,dc=waikato,dc=ac,dc=nz" -f '(&(uid=%u)(memberof=cn=%g,ou=groups,ou=people,dc=cms,dc=waikato,dc=ac,dc=nz))' localhost
>
> acl mysql external ldap_group mysql
>
>
> And edit the access rule to become
> http_access allow ldapauth mysql
>
> Squid parses and loads the configuration. If I attempt to authenticate as
> the valid user clintd, but with an incorrect password, I am prompted to
> re-enter the password. If I supply valid auth information for the user
> clintd, I get a page saying squid is denying my request. Why is this?? I
> could understand if I'm passing an invalid command line to squid_ldap_group
> but testing it manually seems to work correctly.
>
> As this is a non-production squid configuration at present I have removed
> all other acls etc. that may have been interfering but still see the same
> behavior. Does anyone have an idea what I am doing wrong or suggestions as
> to how I troubleshoot this further?

 I see you still have the -d option set in squid.conf. So cache.log
 should show the same traces as the manual test did. Is this showing
 anything?

 The most common reason for this type of behaviour is user account
 permissions (squid's versus the manual tester's).

 Amos Jeffries
 PS. I'm on your campus and have an hour free from 3.30pm if you want me
 to drop by today and help dredge the logs.
Received on Thu Mar 10 2011 - 01:28:29 MST
