[squid-users] SquidGuard - Ldap doesnt filter users

From: Go Wow <gowows_at_gmail.com>
Date: Mon, 21 Mar 2011 23:17:43 +0400

Hi,

I have a setup of squid3 with ntlm authen and I use squidGuard 1.5 to
filter my web traffic. I know this is not a right place to post it, I
guess squidguard dev team is busy enhancing the product. Looking for
help from you guys.

My squid3 is authenticating users properly and parsing all rules. The
problem is with squidguard which doesn't seem to filter out users.
below is my squidguard config.

dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/log
ldapbinddn "cn=Ldap,cn=Users,dc=domain,dc=com"
ldapbindpass secretpass
ldapcachetime 300
ldapprotover 3

src Allowed_Top_Mgmt {
         ldapusersearch
"ldap://host.domain.com:3268/dc=domain,dc=com?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=cn=Allowed_Full_Proxy_Users%2cou=Group%20Accounts%2cdc=domain%2cdc=com))"
}

dest ads {
    domainlist ads/domains
    urllist ads/urls
    redirect http://192.168.100.195/blocked.html
}
acl {
    Allowed-Top-Mgmt {
        pass !ads all
        redirect http://192.168.100.195/blocked.html
        }
    default {
        pass none
        redirect http://192.168.100.195/blocked.html
        }
}

My squidguard logs have these messages.

[30393] (squidGuard): ldap_search_ext_s failed: Bad search filter
(params: dc=domain,dc=com, 2,
(&(sAMAccountName=domain\peter.hank)(memberOf=cn=Allowed_Full_Proxy_Users,ou=Group
Accounts,dc=domain,dc=com)), sAMAccountName)
[30393] Added LDAP source: domain%5cpeter.hank
[30393] DEBUG: sgFindUser called with: domain%5cpeter.hank

peter.hank user is unable to access anything or any other user from
other group is not able to access anything. Peter.hank is a member of
the above defined group, I have cross checked it.

Please do give me some ways to test ldapuser. Some pointers would even work.

Thanks
Received on Mon Mar 21 2011 - 19:17:52 MDT

This archive was generated by hypermail 2.2.0 : Thu Mar 24 2011 - 12:00:04 MDT