[squid-users] Continued problems with squid_ldap_group

From: Oliver Hookins <[email protected]>
Date: Tue, 1 Mar 2005 17:00:54 +1100

Sorry, just realised this message should really be titled
squid_ldap_group since it has nothing to do with NTLM - those hurdles
have been jumped fortunately.

---------- Forwarded message ----------
From: Oliver Hookins <ohookins@gmail.com>
Date: Tue, 1 Mar 2005 16:59:15 +1100
Subject: Continued problems with NTLM
To: squid-users@squid-cache.org

This must be getting real old... it's still not working. I have now
turned on full external ACL debugging and it produces output like the
below:

2005/02/26 14:10:30| aclMatchExternal: ldap_group user not authenticated (-1)
2005/02/26 14:10:31| aclMatchExternal: acl="ldap_group"
2005/02/26 14:10:31| aclMatchExternal: ldap_group user not authenticated (-1)
2005/02/26 14:10:31| aclMatchExternal: acl="ldap_group"
2005/02/26 14:10:31| aclMatchExternal: ldap_group user not authenticated (-1)
2005/02/26 14:10:31| aclMatchExternal: acl="ldap_group"
2005/02/26 14:10:31| aclMatchExternal: ldap_group user not authenticated (-1)
2005/02/26 14:10:31| aclMatchExternal: acl="ldap_group"
2005/02/26 14:10:31| aclMatchExternal: ldap_group("epa\\aderooy
gOpenProxy") = lookup needed
2005/02/26 14:10:31| externalAclLookup: lookup in 'ldap_group' for
'epa\\aderooy gOpenProxy'
2005/02/26 14:10:31| external_acl_cache_add: Adding 'epa\\aderooy
gOpenProxy' =-1 squid_ldap_group WARNING, User 'epa\aderooy' not found
in 'DC=estateprop,DC=com, DC=au,DC=local'
2005/02/26 14:10:31| externalAclHandleReply: reply="ERR"
2005/02/26 14:10:31| external_acl_cache_add: Adding 'epa\\aderooy gOpenProxy' =0
2005/02/26 14:10:31| external_acl_cache_add: updating existing entry
2005/02/26 14:10:31| aclMatchExternal: acl="ldap_group"
2005/02/26 14:10:31| aclMatchExternal: ldap_group = 0

The problem is, this only happens in Squid. I have tried the EXACT
external ACL command line for squid_ldap_group many many times on the
command line and it works perfectly. I use it with domain\\username
and it works fine (with the -S parameter). But for some reason when
called from Squid it is failing...

It really makes no sense. This is plain 2.5STABLE7.

Regards,
Oliver
Received on Mon Feb 28 2005 - 23:02:01 MST

This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:03 MST