[squid-users] LDAP Auth + Passwd expiry

From: Frank Fegert <fra.nospam.nk@dont-contact.us>
Date: Fri, 20 Jun 2003 19:37:05 +0200 (MEST)

Hi,

First of all I'd like to thank you all for your helpful replies! In regard of the
problem I posted before and according to your hints I wrote a little shell
script which basically does an ldapsearch for a given user, returning OK
if outside the grace period resp. returning ERR if within the grace period.
The script as such (see attached) works fine. Unfortunately I couldn't get
it to work with squid2.5STABLE1.
The related configuration is as follows:

external_acl_type passwd-expired_external ttl=5 concurrency=5 %LOGIN \
   /usr/local/squid/libexec/expire.sh -D <binddn> -b <basedn> -h <ip> -f "<filter>"
# <binddn>, <basedn>, <ip> and <filter> not shown here, but are verified to
# work with the script in standalone-testing
acl passwd-expired external passwd-expired_external
http_access deny passwd-expired
deny_info ERR_PASSWORD_EXPIRED passwd-expired

user@host:/usr/local/squid/libexec# ls -al expire.sh
-rwxr-xr-x 1 root other 1830 Jun 20 16:41 expire.sh

So I tried upgrading to squid2.5STABLE3, which worked well with the
exception that now squid dies when I put the above config in the squid.conf
file. I narrowed it down to two causes:
1) if there are two or more deny_info directives squid2.5STABLE3 core
    dumps or crashes with "Bus error" in my setup (Solaris 2.8). Placing a
    comment sign before the second deny_info resolves this issue.
    deny_info directives used:
        deny_info ERR_MSIE_DENIED no-msie
        deny_info ERR_PASSWD_EXPIRED passwd-expired
 
./share/errors/English# ls -al ERR_MSIE_DENIED ERR_PASSWD_EXPIRED
-rw-r--r-- 1 root other 954 Jun 20 17:04 ERR_MSIE_DENIED
-rw-r--r-- 1 root other 954 Jun 20 17:07 ERR_PASSWD_EXPIRED

2) if there is only one deny_info directive, squid2.5STABLE3 as such works
    well, but the external expire-helper fails to work as expected. I can
    request as many webpages as the value set in the concurrency-field of the
    external_acl_type directive.
    Every time I do so, one instance of the expire-helper dies, leading to an
    eventual crash of squid with the last instance of the helper dying.
    Debug output:
Startup: Fri Jun 20 17:24:16 MEST 2003
2003/06/20 17:27:04| Starting Squid Cache version 2.5.STABLE3 for sparc-sun-solaris2.8...
2003/06/20 17:27:04| Process ID 17939
2003/06/20 17:27:04| With 1024 file descriptors available
2003/06/20 17:27:04| DNS Socket created at 0.0.0.0, port 33824, FD 4
2003/06/20 17:27:04| Adding nameserver x.x.x.x from squid.conf
2003/06/20 17:27:04| Adding nameserver x.x.x.x from squid.conf
2003/06/20 17:27:04| Adding nameserver x.x.x.x from squid.conf
2003/06/20 17:27:04| Adding nameserver x.x.x.x from squid.conf
2003/06/20 17:27:04| helperOpenServers: Starting 3 'squidGuard' processes
2003/06/20 17:27:04| helperOpenServers: Starting 5 'squid_ldap_auth' processes
2003/06/20 17:27:04| helperOpenServers: Starting 5 'expire.sh' processes
2003/06/20 17:27:06| Unlinkd pipe opened on FD 22
2003/06/20 17:27:06| Swap maxSize 10485760 KB, estimated 806596 objects
2003/06/20 17:27:06| Target number of buckets: 40329
2003/06/20 17:27:06| Using 65536 Store buckets
2003/06/20 17:27:06| Max Mem size: 131072 KB
2003/06/20 17:27:06| Max Swap size: 10485760 KB
2003/06/20 17:27:06| Rebuilding storage in /usr/local/squid/var/cache (CLEAN)
2003/06/20 17:27:06| Using Least Load store dir selection
2003/06/20 17:27:06| Set Current Directory to /usr/local/squid/var/cache
2003/06/20 17:27:06| Loaded Icons.
2003/06/20 17:27:06| Accepting HTTP connections at 0.0.0.0, port 3128, FD 24.
2003/06/20 17:27:06| Accepting ICP messages at 0.0.0.0, port 3130, FD 25.
2003/06/20 17:27:06| WCCP Disabled.
2003/06/20 17:27:06| Configuring Parent x.x.x.x/8080/0
2003/06/20 17:27:06| Ready to serve requests.
2003/06/20 17:27:06| Done reading /usr/local/squid/var/cache swaplog (62 entries)
2003/06/20 17:27:06| Finished rebuilding storage from disk.
2003/06/20 17:27:06| 62 Entries scanned
2003/06/20 17:27:06| 0 Invalid entries.
2003/06/20 17:27:06| 0 With invalid flags.
2003/06/20 17:27:06| 62 Objects loaded.
2003/06/20 17:27:06| 0 Objects expired.
2003/06/20 17:27:06| 0 Objects cancelled.
2003/06/20 17:27:06| 0 Duplicate URLs purged.
2003/06/20 17:27:06| 0 Swapfile clashes avoided.
2003/06/20 17:27:06| Took 0.6 seconds ( 110.5 objects/sec).
2003/06/20 17:27:06| Beginning Validation Procedure
2003/06/20 17:27:06| Completed Validation Procedure
2003/06/20 17:27:06| Validated 62 Entries
2003/06/20 17:27:06| store_swap_size = 395k
2003/06/20 17:27:07| storeLateRelease: released 0 objects
2003/06/20 17:27:57| helperHandleRead: FD 14 read: (131) Connection reset by peer
2003/06/20 17:27:57| WARNING: passwd-expired_external #1 (FD 14) exited
2003/06/20 17:28:12| helperHandleRead: FD 15 read: (131) Connection reset by peer
2003/06/20 17:28:12| WARNING: passwd-expired_external #2 (FD 15) exited
2003/06/20 17:28:43| helperHandleRead: FD 16 read: (131) Connection reset by peer
2003/06/20 17:28:43| WARNING: passwd-expired_external #3 (FD 16) exited
2003/06/20 17:28:49| helperHandleRead: FD 17 read: (131) Connection reset by peer
2003/06/20 17:28:49| WARNING: passwd-expired_external #4 (FD 17) exited
2003/06/20 17:28:49| storeDirWriteCleanLogs: Starting...
2003/06/20 17:28:49| Finished. Wrote 66 entries.
2003/06/20 17:28:49| Took 0.0 seconds (11342.2 entries/sec).
FATAL: Too few passwd-expired_external processes are running

Any help would be greatly appreciated!

Regards,

           Frank


Received on Fri Jun 20 2003 - 11:37:16 MDT
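
An added example, not part of the original post and not the attached expire.sh: Squid keeps each external_acl_type helper running and sends it one request per line on stdin, expecting exactly one OK or ERR line back for each, so a helper has to loop until EOF rather than answer once and exit. The grace period, the sample table standing in for the ldapsearch result, and the ERR answer for unknown users are assumptions made for illustration.

```sh
#!/bin/sh
# Skeleton of a long-lived external ACL helper following the post's convention:
# OK = outside the grace period, ERR = within it.

# Constructed sample data standing in for the LDAP lookup:
# "<user> <days since the password expired>"
SAMPLE_DIRECTORY='alice 2
bob 12
carol 7'
GRACE_DAYS=7    # hypothetical grace period, in days

# days_expired USER -> prints the day count for USER, nothing if unknown
days_expired() {
    printf '%s\n' "$SAMPLE_DIRECTORY" |
        awk -v u="$1" '$1 == u { print $2; exit }'
}

# verdict USER -> prints OK or ERR
verdict() {
    d=$(days_expired "$1")
    case "$d" in
        # Unknown user or malformed value: answer ERR (assumption) instead
        # of dying, so Squid always gets a reply line.
        ''|*[!0-9]*) echo ERR; return ;;
    esac
    if [ "$d" -gt "$GRACE_DAYS" ]; then echo OK; else echo ERR; fi
}

# serve: read request lines until Squid closes stdin; one reply per request.
serve() {
    while IFS= read -r line; do
        user=${line%% *}    # %LOGIN is the first token on the line
        verdict "$user"
    done
}

# Squid would start the helper as "<script> serve"; without the argument
# the file only defines the functions, which allows standalone testing.
if [ "${1:-}" = "serve" ]; then
    serve
fi
```

Standalone check: `printf 'alice\nbob\n' | sh helper.sh serve` prints one reply per input line and exits only when stdin reaches EOF.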
