[squid-users] squid ldap helpers crashing

From: <hurricane81_at_virgilio.it>
Date: Fri, 8 Aug 2008 07:07:29 +0100 (GMT+01:00)

Dear Squid-Users,

I would just like to ask for a bit of help regarding squid_ldap_group.
I tried the helper with success from the command line for a match between a user and a group, and everything works perfectly.
Now, using the same settings in squid.conf, the log shows me that the helpers are crashing too quickly.
My questions are:
1) Do I absolutely need to authenticate first with squid_ldap_auth, or could I leave ntlm_auth at the beginning and use only squid_ldap_group to check the membership in an LDAP group?
2) In the definition of the external acl I set "%LOGIN", but what does Squid pass to squid_ldap_group?
3) Why do the squid logs show me the list of options for each squid_ldap_group opened? And why does it show me that the -F and -B options are required if it works perfectly from the command line and they are not requested?

I attach here the part with my configuration and (following) the logs:

squid.conf

#about squid_ldap_group
external_acl_type squid_ldap children=20 %LOGIN c:/squid/libexec/squid_ldap_group.exe -R -v "3" -s "sub" -b "dc=kxxxx, dc=org" -f "(&(objectClass=person)(sAMAccountName=%v)(memberOf=cn=%a,ou=Gruppen,ou=User F\\+E,dc=xx,dc=kxxxx,dc=org))" -d -D "squidadmin" -w "xxxxx" -S -K -h "kxdcrt02.kxxxx.org" -p "3268"

then the right acl with the group and the setting of the access for those.
From the command line it returns an OK, but when squid is running the helpers crash (I already tried to push up the number of children but it doesn't help!)

I then tried to make the first authentication with squid_ldap_auth.

auth_param basic program c:/squid/libexec/squid_ldap_auth.exe -R -v "3" -s "sub" -b "dc=kxxxx, dc=org" -f "sAMAccountName=%s" -d -D "squidadmin" -w "xxxxxx" -h "kxdcrt02.kxxxx.org" -p "3268"

but when the login box appears and I give my credentials or others, it simply keeps loading the page and after a while gives me back the login box without showing me the web page.

Here I put also the logs:

squid_ldap_group version 2.17

Usage: squid_ldap_group -b basedn -f filter [options] ldap_server_name

        -b basedn (REQUIRED)    base dn under where to search for groups
        -f filter (REQUIRED)    group search filter pattern. %v = user,
                                %a = group
        -B basedn (REQUIRED)    base dn under where to search for users
        -F filter (REQUIRED)    user search filter pattern. %s = login
        -s base|one|sub         search scope
        -D binddn               DN to bind as to perform searches
        -w bindpasswd           password for binddn
        -W secretfile           read password for binddn from file secretfile
        -h server               LDAP server (defaults to localhost)
        -p port                 LDAP server port (defaults to 389)
        -P                      persistent LDAP connection
        -c timeout              connect timeout
        -t timelimit            search time limit
        -R                      do not follow referrals
        -a never|always|search|find
                                when to dereference aliases
        -v 2|3                  LDAP version
        -Z                      TLS encrypt the LDAP connection, requires
                                LDAP version 3
        -g                      first query parameter is base DN extension
                                for this query
        -S                      Strip NT domain from usernames
        -K                      Strip Kerberos realm from usernames

        If you need to bind as a user to perform searches then use the
        -D binddn -w bindpasswd or -D binddn -W secretfile options

2008/08/07 15:38:01| logfileOpen: opening log c:/squid/var/logs/access.log
2008/08/07 15:38:01| Unlinkd pipe opened on FD 308
2008/08/07 15:38:01| Swap maxSize 102400 KB, estimated 7876 objects
2008/08/07 15:38:01| Target number of buckets: 393
2008/08/07 15:38:01| Using 8192 Store buckets
2008/08/07 15:38:01| Max Mem size: 8192 KB
2008/08/07 15:38:01| Max Swap size: 102400 KB
2008/08/07 15:38:01| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2008/08/07 15:38:01| logfileOpen: opening log c:/squid/var/logs/store.log
2008/08/07 15:38:01| Rebuilding storage in c:/squid/var/cache (CLEAN)
2008/08/07 15:38:01| Using Least Load store dir selection
2008/08/07 15:38:01| Set Current Directory to c:/squid/var/cache
2008/08/07 15:38:01| Loaded Icons.
2008/08/07 15:38:01| Accepting accelerated HTTP connections at 172.16.30.18, port 8080, FD 314.
2008/08/07 15:38:01| Accepting HTCP messages on port 4827, FD 315.
2008/08/07 15:38:01| Accepting SNMP messages on port 3401, FD 316.
2008/08/07 15:38:01| Configuring Parent 172.16.30.16/8123/0
2008/08/07 15:38:01| Ready to serve requests.
2008/08/07 15:38:01| Done reading c:/squid/var/cache swaplog (0 entries)
2008/08/07 15:38:01| Finished rebuilding storage from disk.
2008/08/07 15:38:01| 0 Entries scanned
2008/08/07 15:38:01| 0 Invalid entries.
2008/08/07 15:38:01| 0 With invalid flags.
2008/08/07 15:38:01| 0 Objects loaded.
2008/08/07 15:38:01| 0 Objects expired.
2008/08/07 15:38:01| 0 Objects cancelled.
2008/08/07 15:38:01| 0 Duplicate URLs purged.
2008/08/07 15:38:01| 0 Swapfile clashes avoided.
2008/08/07 15:38:01| Took 0.1 seconds ( 0.0 objects/sec).
2008/08/07 15:38:01| Beginning Validation Procedure
2008/08/07 15:38:01| Completed Validation Procedure
2008/08/07 15:38:01| Validated 0 Entries

I would be really happy to have any advice from you.
Thanks in advance

Antonio
Received on Fri Aug 08 2008 - 06:07:45 MDT
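
On question 2, an added example (not part of the original post and not the helper's source code): for a %LOGIN external ACL, Squid writes one line per lookup to the helper's stdin, the user name followed by the group names from the acl line, each field URL-escaped, and the helper expands %v and %a in the -f pattern. The -S and -K handling below follows the usage text in the post; the function names, the placeholder DN and the sample request lines are constructed.

```python
import re
from urllib.parse import unquote

# Constructed pattern in the shape of the -f option above; the DN is a placeholder.
GROUP_FILTER = ("(&(objectClass=person)(sAMAccountName=%v)"
                "(memberOf=cn=%a,ou=Groups,dc=example,dc=org))")


def normalize_user(login, strip_nt_domain=False, strip_kerberos_realm=False):
    """Model of -S and -K as the usage text describes them."""
    if strip_nt_domain:                      # -S: DOMAIN\user or DOMAIN/user -> user
        login = re.split(r"[\\/]", login)[-1] or login
    if strip_kerberos_realm:                 # -K: user@REALM -> user
        login = login.split("@", 1)[0]
    return login


def ldap_escape(value):
    """Escape RFC 4515 filter metacharacters so input cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def group_filters(line, pattern=GROUP_FILTER, **strip_opts):
    """Turn one request line ("user group [group ...]") into one search filter per group."""
    fields = [unquote(f) for f in line.split()]   # Squid URL-escapes each field
    if len(fields) < 2:
        raise ValueError("expected a user name and at least one group")
    user = ldap_escape(normalize_user(fields[0], **strip_opts))
    filters = []
    for group in fields[1:]:
        values = {"v": user, "a": ldap_escape(group)}
        # Single pass so a '%a' inside the user name is never re-expanded.
        filters.append(re.sub(r"%([va])", lambda m: values[m.group(1)], pattern))
    return filters
```

With NTLM in front, the login arrives in DOMAIN\user form, so whether -S is set decides which sAMAccountName value the directory is actually searched for.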
