So, in the end i'll be using Amos settings so i can manage only one group :
http_access allow ldapgroup-unrestricted
http_access deny work_unrelated !acl_lunchbreak_time
http_access allow authenticated
http_access deny all
I'm currently at the next step : debugging.... And i found something
quite interesting :
aclMatchExternal: ldapgroup("domain%5Cuser unrestricted") = lookup needed
aclMatchAclList: no match, returning 0
externalAclLookup: lookup in 'ldapgroup' for 'domain%5Cuser unrestricted'
externalAclHandleReply: reply="ERR"
So it seems that the username given to the squid_ldap_group helper is
wrong because of the "%5C".
Maybe i should strip the domain\ from the username ?
Using the helper in command line works and returns OK.
At least we have a lead... :)
Any suggestions ?
Thanks again.
François
On Wed, Dec 15, 2010 at 1:16 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 16/12/10 00:48, François Bastien wrote:
>>
>> Hey guys !
>>
>> Still no luck.
>>
>> I tried implementing Marcio's settings. It still does not work.
>
> Next step then is to start debugging why not. Either of those two setups
> should have worked.
>
> Set:
> debug_options ALL,1 28,5 29,5 82,5
>
> ... and see what is rejecting and why.
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE9 or 3.1.9
> Beta testers wanted for 3.2.0.3
>
Received on Wed Dec 15 2010 - 13:07:02 MST
This archive was generated by hypermail 2.2.0 : Thu Dec 16 2010 - 12:00:03 MST