[squid-users] Re: Using group names that include white spaces with external auth

From: Jose Ildefonso Camargo Tolosa <ildefonso.camargo_at_gmail.com>
Date: Sat, 21 Jun 2008 19:32:35 +1930

Hi!

Sorry, I forgot to give this info:

squid version: 2.6stable5 (debian etch).

I also tried: 2.6stable20 (from backports).

On Sat, Jun 21, 2008 at 7:22 PM, Jose Ildefonso Camargo Tolosa
<ildefonso.camargo_at_gmail.com> wrote:
> Hi!
>
> I'm trying to use group names that include white spaces (such as
> "Group Name") with external auths.
>
> I got some ACLs defined like this:
>
> external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -W
> /etc/squid/squid_ldap.secret -D "cn=Manager,dc=test,dc=local" -b
> "ou=Internet,ou=Groups,dc=test,dc=local" -f
> "(&(objectclass=posixGroup)(cn=%g)(memberUid=%u))" -h 127.0.0.1 -P -v
> 3 -B "ou=People,ou=Users,dc=test,dc=local"
>
> acl group_name external ldap_group Group%20Name
> acl anotheracl external ldap_group anothergroup
>
> http_access allow group_name
> http_access allow anotheracl
> http_access deny all
>
> It actually works for anotheracl (which doesn't have white spaces) ,
> but it doesn't for group_name. The problem: the white space.
>
> If I get that string and feed that directly to the squid_ldap program,
> it works!, I tried this:
>
> run:
> /usr/lib/squid/squid_ldap_group -W /etc/squid/squid_ldap.secret -D
> "cn=Manager,dc=test,dc=local" -b
> "ou=Internet,ou=Groups,dc=test,dc=local" -f
> "(&(objectclass=posixGroup)(cn=%g)(memberUid=%u))" -h 127.0.0.1 -P -v
> 3 -B "ou=People,ou=Users,dc=test,dc=local"
>
> type:
> user1 Group%20Name
> and it answered:
> OK
>
> off course, user1 is a member of "Group Name"
>
> So, the %20 trick should work, but then.... from the squid.conf , it doesn't.
>
> I also tried these variations without success:
> acl group_name external ldap_group Group Name
> acl group_name external ldap_group Group\ Name
> acl group_name external ldap_group "Group Name"
> acl group_name external ldap_group Group%%20Name
> acl group_name external ldap_group Group\%20Name
>
> Any ideas?
>
> Thanks in advance,
>
> Ildefonso Camargo
>
Received on Sat Jun 21 2008 - 00:02:37 MDT

This archive was generated by hypermail 2.2.0 : Sat Jun 21 2008 - 12:00:04 MDT