Re: [squid-users] squid_ldap_auth

From: Eugene M. Zheganin <emz@dont-contact.us>
Date: Wed, 07 Mar 2007 10:32:49 +0500

Hi, Henrik.

Henrik Nordstrom wrote:
>> 2) the RFC rfc2254 defined the escaping of the characters. It doesn't
>> say that spaces need to be escaped, but, since squid_ldap_group
>> accepts neither quotes nor double quotes, I tried to use RFC2254 escaping
>> when using squid_ldap_group from the shell.
>>
>
> See the external_acl_type directive for a description of the format used
> between Squid and the helper.
>
> If protocol=3.0 (the default) then URL escaping is used to protect
> each value in both requests and responses.
>
> If using protocol=2.5 then all values need to be enclosed in quotes
> if they may contain whitespace, or the whitespace escaped using \.
> And quotes or \ characters within the keyword value must be \ escaped.
>
>
> Usernames with spaces in them should work fine in your Squid.
>
> To test manually from the command line you need to properly escape the
> input to the helper. As you are using Squid-2.6 the input should be
> URL-escaped using %20 as space.
>
>

Thanks for the explanation of the ttl parameter, now it works fine.

But I still have the same problem with spaces.

So, I have the

acl ad-internet-users external ldap_group Internet Users - Proxy1

line in config. And helper uses the protocol 3.0. When it looks as above
squid thinks that this is the list of groups, and parses them
sequentially one after another.
With the look like this

acl ad-internet-users external ldap_group Internet%20Users%20-%20Proxy1

(which works fine from the commandline test) it looks like those symbols
are passed to helper in some escaped way, because they appear in
helper's debug log :(.

So when launched from shell I get (manually inserting
Internet%20Users%20-%20Proxy1):

%./squid_ldap_group -d -b cn=Users,dc=domain,dc=local -f "(&(cn=%g)(member=%u)(objectClass=group))" -F "sAMAccountname=%s" -D cn=dca,cn=Users,dc=domain,dc=local -w somepass -h 192.168.3.6 -v 3 -p 389
emz Internet%20Users%20-%20Proxy1
Connected OK
user filter 'sAMAccountname=emz', searchbase 'cn=Users,dc=domain,dc=local'
group filter '(&(cn=Internet Users - Proxy1)(member=CN=Some User,CN=Users,DC=domain,DC=local)(objectClass=group))', searchbase 'cn=Users,dc=domain,dc=local'
OK

(all is fine)

When used in squid config (from the last example above) I see those
lines in cache.log:

Connected OK
user filter 'sAMAccountname=emz', searchbase 'cn=Users,dc=domain,dc=local'
group filter '(&(cn=Internet%20Users%20-%20Proxy1)(member=CN=Some User,CN=Users,DC=domain,DC=local)(objectClass=group))', searchbase 'cn=Users,dc=domain,dc=local'

and I suppose this confuses helper, as squid doesn't allow this user to
get his requested web-page.

I also tried to use 'protocol=2.5' parameter as the helper argument in
squid config (edited the config, stopped squid, started squid again).
I get the following results with it:

Internet\ Users\ -\ Proxy1 - '\' escaped as \5c, space trimmed
"Internet Users - Proxy1" - I get 'strToFile Internet not found' message
'Internet Users - Proxy1' - I get the same message.
Internet Users - Proxy1 - not tried, because it's clear that squid will
think that it's a list.

So I still don't understand how to use spaces. Forgive me my possible
dumbness, but can you give me any further advice?

                                                                         
Thanks. Eugene.
Received on Tue Mar 06 2007 - 22:33:21 MST
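
Added example (not part of the original message, and not the squid_ldap_group source): a Python model of the path a protocol=3.0 request line takes into the -f filter template, using the template and DN shown in the message. All function names are hypothetical, and the double-escaped input line is constructed on the assumption that the % signs were escaped once more before reaching the helper, which the message does not confirm.

```python
from urllib.parse import unquote

# Filter template and user DN as they appear in the message above.
TEMPLATE = "(&(cn=%g)(member=%u)(objectClass=group))"
USER_DN = "CN=Some User,CN=Users,DC=domain,DC=local"

# RFC 2254 section 4: these characters are written as \XX inside a filter value.
# Space is not in the list, so it needs no escaping at this layer.
_RFC2254_SPECIAL = {"*": r"\2a", "(": r"\28", ")": r"\29", "\\": r"\5c", "\0": r"\00"}


def parse_helper_line(line):
    """Split a protocol=3.0 request line on whitespace, URL-decode each token once."""
    return [unquote(tok) for tok in line.split()]


def rfc2254_escape(value):
    """Escape a value for use inside an LDAP search filter."""
    return "".join(_RFC2254_SPECIAL.get(ch, ch) for ch in value)


def build_group_filter(template, user_dn, group):
    """Substitute %g and %u in one pass, so a value containing '%u' is never re-expanded."""
    out, i = [], 0
    while i < len(template):
        pair = template[i:i + 2]
        if pair in ("%g", "%u"):
            out.append(rfc2254_escape(group if pair == "%g" else user_dn))
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)


def filter_for_line(line):
    """Decode one request line and return the group filter it produces."""
    _user, group = parse_helper_line(line)
    return build_group_filter(TEMPLATE, USER_DN, group)


if __name__ == "__main__":
    # Constructed inputs: the shell test line, then the assumed double-escaped form.
    for line in ("emz Internet%20Users%20-%20Proxy1",
                 "emz Internet%2520Users%2520-%2520Proxy1"):
        print(line, "->", filter_for_line(line))
```

The first line reproduces the filter from the shell test and the second reproduces the one seen in cache.log; the escape function also shows why a backslash-escaped space turns up as \5c in the protocol=2.5 attempt.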
