Re: [squid-users] squid_ldap_group acl error!

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 01 Sep 2011 17:02:17 +1200

On 01/09/11 04:28, Nahuel Chaves wrote:
> im having troubles assigning ACL to ldap groups... i have this:
>
> external_acl_type gruposLDAP %LOGIN /usr/lib64/squid/squid_ldap_group
> -P -R -b OU=USUARIOS,DC=tierradelfuego,DC=gov,DC=ar -D proxyAuth -w
> password -f (&(objectClass=person)(sAMAccountName=%u)(memberOf=CN=%g,OU=GRUPOS,DC=tierradelfuego,DC=gov,DC=ar))
> -h 10.1.9.33 -s sub -v 3 -d
>
> acl ProxyA external gruposLDAP _GP_US_PROXY_A
> acl ProxyB external gruposLDAP _GP_US_PROXY_B
>
>
> acl ad_users proxy_auth REQUIRED
>
> http_access deny !ad_users
> http_access deny ProxyB
> http_access allow ProxyA
>
> http_access allow all
>
> but no matters if a user is in ProxyA or ProxyB ... it cant navigate
> through this proxy server. Any ideas?

Perhapse telling us what "cannot navigate" means will help.
  Constant logins challenges? denial message? TCP hangs? what?

I notice you have the debug (-d) option configured. Perhapse your
cache.log will indicate the problem. If not then where are the debug
messages going?

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.15
   Beta testers wanted for 3.2.0.10
Received on Thu Sep 01 2011 - 05:02:23 MDT

This archive was generated by hypermail 2.2.0 : Thu Sep 01 2011 - 12:00:03 MDT