Hey, I do not know this warning but you can try to add a verbose log using: debug_options ALL,1 28,4 29,6 82,6
The above logs will show what comes and goes inside squid and from the external_acl to squid.
are you using the basic auth from ubuntu or self compiled? Also if you can get the output of "squid -v". Thanks, Eliezer On 11/12/2013 06:33 PM, Andrey wrote:
Hi everyone During configuration of LDAP basic and group authentication methods by Squid, a came across this error (/var/log/squid3/cache.log): Code: WARNING: external ACL 'memberof' queue overload. Request rejected 'administrator InternetAccess'.For basic authentication I use following piece of code: Code: auth_param basic program /usr/lib/squid3/basic_ldap_auth -P -R -u cn -b "cn=Users,dc=dot,dc=lan" ubuntu.dot.lan auth_param basic realm ubuntu.dot.lanThe test shows: Administrator Pa77w0rd OK. For LDAP groups I use this: Code: external_acl_type memberof %LOGIN /usr/lib/squid3/ext_ldap_group_acl -P -R -K -b "dc=dot,dc=lan" -f "(&(cn=%v)(memberOf=cn=%a,cn=Users,dc=dot,dc=lan))" -D nslcd-serv...@dot.lan -w "Pa77w0rd" -h ubuntu.dot.lan The test shows: Administrator InternetAccess OK My ACL list has following rules: Code: acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl LDAP_Auth proxy_auth REQUIRED acl ClientNet src 192.168.1.135 acl Block_site url_regex -i fb vk youtube acl InetAccess external memberof InternetAccess And my Access/deny rules are: Code: http_access allow localhost manager http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access deny Block_site http_access allow InetAccess http_access deny !LDAP_Auth http_access allow ClientNet http_access deny all Where is the problem? How to solve it? Thank you.