[squid-users] external_acl

From: Kirill Kamyshnikov <kirill.kamyshnikov_at_gmail.com>
Date: Sun, 6 Oct 2013 13:27:55 +0400

external_acl_type ldap_users ipv4 ttl=20 concurrency=10 children-max=20 children-startup=5 %LOGIN /usr/lib/squid3/ext_ldap_group_acl -d -R -P -b "o=garant" -v 3 -f "(&(cn=%v)(groupMembership=%g))" -s sub ldap.site

2013/10/06 13:15:15.737 kid1| external_acl.cc(826) aclMatchExternal: ldap_users check user authenticated.
2013/10/06 13:15:15.737 kid1| external_acl.cc(832) aclMatchExternal: ldap_users user is authenticated.
2013/10/06 13:15:15.737 kid1| external_acl.cc(856) aclMatchExternal: ldap_users("kam cn=fullaccess_users,ou=Proxy,ou=SERVICE,o=Garant") = lookup needed
2013/10/06 13:15:15.737 kid1| external_acl.cc(858) aclMatchExternal: "kam cn=fullaccess_users,ou=Proxy,ou=SERVICE,o=Garant": entry=@0, age=0
2013/10/06 13:15:15.737 kid1| external_acl.cc(861) aclMatchExternal: "kam cn=fullaccess_users,ou=Proxy,ou=SERVICE,o=Garant": queueing a call.
2013/10/06 13:15:15.737 kid1| external_acl.cc(863) aclMatchExternal: "kam cn=fullaccess_users,ou=Proxy,ou=SERVICE,o=Garant": return -1.
2013/10/06 13:15:15.737 kid1| external_acl.cc(1451) Start: fg lookup in 'ldap_users' for 'kam cn=fullaccess_users,ou=Proxy,ou=SERVICE,o=Garant'
2013/10/06 13:15:15.737 kid1| external_acl.cc(1506) Start: externalAclLookup: looking up for 'kam cn=fullaccess_users,ou=Proxy,ou=SERVICE,o=Garant' in 'ldap_users'.
2013/10/06 13:15:15.737 kid1| external_acl.cc(1516) Start: externalAclLookup: will wait for the result of 'kam cn=fullaccess_users,ou=Proxy,ou=SERVICE,o=Garant' in 'ldap_users' (ch=0x7f8497088d38).
ext_ldap_group_acl.cc(726): pid=4159 :group filter '(&(cn=0)(groupMembership=kam))', searchbase 'o=garant'
ext_ldap_group_acl: WARNING: LDAP search error 'Invalid DN syntax'
ext_ldap_group_acl.cc(587): pid=4159 :Connected OK
ext_ldap_group_acl.cc(726): pid=4159 :group filter '(&(cn=0)(groupMembership=kam))', searchbase 'o=garant'
ext_ldap_group_acl: WARNING: LDAP search error 'Invalid DN syntax'
ext_ldap_group_acl.cc(726): pid=4159 :group filter '(&(cn=0)(groupMembership=cn=fullaccess_users,ou=Proxy,ou=SERVICE,o=Garant))', searchbase 'o=garant'
2013/10/06 13:15:15.742 kid1| external_acl.cc(1367) externalAclHandleReply: externalAclHandleReply: reply="ERR "
2013/10/06 13:15:15.742 kid1| external_acl.cc(1276) external_acl_cache_add: external_acl_cache_add: Adding 'kam cn=fullaccess_users,ou=Proxy,ou=SERVICE,o=Garant' = DENIED

Why cn=0?

Check from command line:
kam_at_april3:/etc/squid3# /usr/lib/squid3/ext_ldap_group_acl -d -R -P -b "o=garant" -v 3 -f "(&(cn=%v)(groupMembership=%g))" -s sub ldap.site
kam cn=fullaccess_users,ou=Proxy,ou=SERVICE,o=Garant
ext_ldap_group_acl.cc(587): pid=4227 :Connected OK
ext_ldap_group_acl.cc(726): pid=4227 :group filter '(&(cn=kam)(groupMembership=cn=fullaccess_users,ou=Proxy,ou=SERVICE,o=Garant))', searchbase 'o=garant'
OK

Best regards,
Kirill
Received on Sun Oct 06 2013 - 09:28:07 MDT
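
The two filters seen above, reproduced as an added example that is not part of the original post and is not Squid's or the helper's code: when `concurrency=` is non-zero Squid prefixes each helper request with a channel ID, and this model assumes the helper does not consume that prefix. The function names and the whitespace-only tokenization are assumptions made for illustration.

```python
import re

# Added illustration: a simplified model, not Squid's or the helper's source.
FILTER = "(&(cn=%v)(groupMembership=%g))"  # -f value from the post
GROUP = "cn=fullaccess_users,ou=Proxy,ou=SERVICE,o=Garant"


def squid_request(login, group, channel=None):
    """Request line sent to the helper. With a non-zero concurrency=
    setting Squid prepends a numeric channel ID to every request."""
    fields = [login, group]
    if channel is not None:
        fields.insert(0, str(channel))
    return " ".join(fields)


def build_filter(user, group):
    """Expand %v (user) and %g (group) in one pass over the template."""
    return re.sub(r"%[vg]",
                  lambda m: user if m.group() == "%v" else group, FILTER)


def helper_filters(line, channel_aware=False):
    """Hypothetical helper-side parsing: first token is the user, the
    rest are groups. A channel-aware helper strips the ID first."""
    tokens = line.split()
    channel = tokens.pop(0) if channel_aware else None
    user, groups = tokens[0], tokens[1:]
    return channel, [build_filter(user, g) for g in groups]


if __name__ == "__main__":
    line = squid_request("kam", GROUP, channel=0)
    print("request line:", repr(line))
    for label, aware in (("channel ID not parsed", False),
                         ("channel ID parsed", True)):
        print(label, "->", helper_filters(line, channel_aware=aware))
```

Without a channel ID in the request, as in the command-line check, the same parsing yields the `cn=kam` filter; in squid.conf that corresponds to leaving `concurrency=` at 0 for a helper that does not read the prefix.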
