[squid-users] LDAP Group not working on Squid 2.6

From: Vinyl Bne <[email protected]>
Date: Wed, 27 Sep 2006 11:07:26 +1000

I started looking at the 'ignore-no-cache' feature and found that it has been
implemented in Squid-2.6. I have tried to migrate the current Squid-2.5STABLE14
to Squid-2.6, but I found a problem with LDAP Group identification.

The squid_ldap_group is working fine on Squid-2.5, but not on
Squid-2.6. The external_acl_type is configured as:

external_acl_type ldap-group concurrency=6 %LOGIN /opt/oss/squid/libexec/squid_ldap_group -b t=COMPANY -f (&(objectClass=person)(groupMembership=%a)(cn=%v)) -D cn=ldap-auth,o=system -w password -s sub -P -S ldap-1

I added '-d' to squid_ldap_group for more verbose output. From the cache.log file:

Squid-2.5
Connected OK
group filter '(&(objectClass=person)(groupMembership=cn=internet-access,ou=groups,o=qogr)(cn=bob))',
searchbase 't=COMPANY'

Squid-2.6
Connected OK
group filter '(&(objectClass=person)(groupMembership=company\5cbob)(cn=0))',
searchbase 't=COMPANY'
squid_ldap_group WARNING, LDAP search error 'Invalid DN syntax'

From the cache.log files, it can be noticed there is some problem
with 'groupMembership' and 'cn'.

I tried to run ldapsearch and it works fine:

./ldapsearch -L -h ldap-1 -b "t=COMPANY" -s sub \
  -D "cn=ldap-auth,o=system" -w password \
  "(&(objectClass=person)(groupMembership=cn=internet-access,ou=groups,o=system)(cn=bob))"

Is there anything I should change in squid_ldap_group arguments?

Thanks.

VinylBNE
Received on Tue Sep 26 2006 - 19:07:28 MDT
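
Added example, not part of the original post and not squid_ldap_group's own code: a Python sketch of how a helper that reads "user group..." request lines fills the -f template, reproducing both filters from the cache.log excerpts above. It assumes that with concurrency= set Squid 2.6 prefixes each request line with a channel number, and that -S strips the NT domain from the login. The function names and the request lines are constructed for illustration.

```python
import re

# -f template copied from the external_acl_type line in the post.
FILTER_TEMPLATE = "(&(objectClass=person)(groupMembership=%a)(cn=%v))"

# Constructed request lines (not captured traffic): "<user> <group>" and
# the same request with an assumed leading channel number.
LINE_2_5 = "company\\bob cn=internet-access,ou=groups,o=qogr"
LINE_2_6 = "0 " + LINE_2_5


def ldap_escape(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    special = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}
    return "".join(special.get(ch, ch) for ch in value)


def strip_nt_domain(user):
    """Drop a DOMAIN\\ or DOMAIN/ prefix (assumed effect of -S)."""
    return re.split(r"[\\/]", user, maxsplit=1)[-1]


def expand(template, user, group):
    """Substitute %a (group) and %v (user) in one pass, escaped."""
    values = {"%a": ldap_escape(group), "%v": ldap_escape(user)}
    return re.sub(r"%[av]", lambda m: values[m.group(0)], template)


def build_filters(line, expect_channel_id=False):
    """Parse one helper request; return (channel, [filter per group])."""
    fields = line.split()
    channel = None
    if expect_channel_id:
        if len(fields) < 3 or not fields[0].isdigit():
            raise ValueError("expected '<channel> <user> <group>...'")
        channel, fields = fields[0], fields[1:]
    if len(fields) < 2:
        raise ValueError("expected '<user> <group>...'")
    user = strip_nt_domain(fields[0])
    return channel, [expand(FILTER_TEMPLATE, user, g) for g in fields[1:]]


if __name__ == "__main__":
    print(build_filters(LINE_2_5)[1][0])                          # old-style parse
    print(build_filters(LINE_2_6)[1][0])                          # channel read as user
    print(build_filters(LINE_2_6, expect_channel_id=True)[1][0])  # channel-aware parse
```

Under that assumption the shifted fields explain the 'Invalid DN syntax' error: the login lands in groupMembership, which expects a DN. Squid 2.6's external_acl_type has a separate children= option for the number of helper processes.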
