On 29/07/2015 4:01 a.m., Marko Cupać wrote:
> Hi,
> 
> I am testing ext_ldap_group_acl from command line in squid-3.5.6 on
> FreeBSD 10.1-RELEASE-p15 amd64, but I can't make it work with Active
> Directory.
> 
> My query is as follows:
> ./ext_ldap_group_acl -d -b "DC=mimar,DC=rs" \
>       -f "CN=squid_noaccess" -d ldapbin...@mimar.rs -W "mypass" \
>       -h dc1.mimar.rs
> 
> After I type user and group name I get:
> pacija squid_noaccess
> ext_ldap_group_acl.cc(579): pid=1550 :Connected OK
> ext_ldap_group_acl.cc(718): pid=1550 :group filter 'CN=squid_noaccess', 
> searchbase 'DC=mimar,DC=rs'
> ext_ldap_group_acl: WARNING: LDAP search error 'Operations error'
> ERR
> 
> If I understand well, if user pacija is a member of squid_noaccess
> group, correctly construed query should give me OK. How do I achieve
> this?

Start by typing in the input using external ACL helpers input format.
I assume your squid.conf uses %LOGIN. Which is actually user:password

Notice the colon.

Follow that by running the helper as Squid low-privileged user account.
There's no gain testing that admin account can access things. You want
it working when run by Squid.

Amos

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Reply via email to