On 29/07/2015 4:01 a.m., Marko Cupać wrote: > Hi, > > I am testing ext_ldap_group_acl from command line in squid-3.5.6 on > FreeBSD 10.1-RELEASE-p15 amd64, but I can't make it work with Active > Directory. > > My query is as follows: > ./ext_ldap_group_acl -d -b "DC=mimar,DC=rs" \ > -f "CN=squid_noaccess" -d ldapbin...@mimar.rs -W "mypass" \ > -h dc1.mimar.rs > > After I type user and group name I get: > pacija squid_noaccess > ext_ldap_group_acl.cc(579): pid=1550 :Connected OK > ext_ldap_group_acl.cc(718): pid=1550 :group filter 'CN=squid_noaccess', > searchbase 'DC=mimar,DC=rs' > ext_ldap_group_acl: WARNING: LDAP search error 'Operations error' > ERR > > If I understand well, if user pacija is a member of squid_noaccess > group, correctly construed query should give me OK. How do I achieve > this?
Start by typing in the input using external ACL helpers input format. I assume your squid.conf uses %LOGIN. Which is actually user:password Notice the colon. Follow that by running the helper as Squid low-privileged user account. There's no gain testing that admin account can access things. You want it working when run by Squid. Amos _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users