Re: [squid-users] Ubuntu Server 13.10. Squid 3.3.8. WARNING: external ACL 'memberof' queue overload

Tue, 12 Nov 2013 11:29:13 -0800 

Hey,

I do not know this warning but you can try to add a verbose log using:
debug_options ALL,1 28,4 29,6 82,6
The above logs will show what comes and goes inside squid and from the external_acl to squid. 
are you using the basic auth from ubuntu or self compiled?
Also if you can get the output of "squid -v".

Thanks,
Eliezer

On 11/12/2013 06:33 PM, Andrey ‪ wrote:

Hi everyone

During configuration of LDAP basic and group authentication methods by
Squid, a came across this error (/var/log/squid3/cache.log):



Code:
WARNING: external ACL 'memberof' queue overload. Request rejected
'administrator InternetAccess'.For basic authentication I use following
piece of code:



Code:
  auth_param basic program /usr/lib/squid3/basic_ldap_auth -P -R -u cn
-b "cn=Users,dc=dot,dc=lan" ubuntu.dot.lan
  auth_param basic realm ubuntu.dot.lanThe test shows:

Administrator Pa77w0rd

OK.

For LDAP groups I use this:



Code:
  external_acl_type memberof %LOGIN /usr/lib/squid3/ext_ldap_group_acl
-P -R -K -b "dc=dot,dc=lan" -f
"(&(cn=%v)(memberOf=cn=%a,cn=Users,dc=dot,dc=lan))" -D
nslcd-serv...@dot.lan -w "Pa77w0rd" -h ubuntu.dot.lan
The test shows:

Administrator InternetAccess

OK


My ACL list has following rules:


Code:
  acl SSL_ports port 443
  acl Safe_ports port 80 # http
  acl Safe_ports port 21 # ftp
  acl Safe_ports port 443 # https
  acl Safe_ports port 70 # gopher
  acl Safe_ports port 210 # wais
  acl Safe_ports port 1025-65535 # unregistered ports
  acl Safe_ports port 280 # http-mgmt
  acl Safe_ports port 488 # gss-http
  acl Safe_ports port 591 # filemaker
  acl Safe_ports port 777 # multiling http
  acl CONNECT method CONNECT
  acl LDAP_Auth proxy_auth REQUIRED
  acl ClientNet src 192.168.1.135
  acl Block_site url_regex -i fb vk youtube
  acl InetAccess external memberof InternetAccess

And my Access/deny rules are:


Code:
  http_access allow localhost manager
  http_access deny manager
  http_access deny !Safe_ports
  http_access deny CONNECT !SSL_ports
  http_access allow localhost
  http_access deny Block_site
  http_access allow InetAccess
  http_access deny !LDAP_Auth
  http_access allow ClientNet
  http_access deny all

Where is the problem? How to solve it?

Thank you.

Reply via email to