Re: [squid-users] Ubuntu Server 13.10. Squid 3.3.8. WARNING: external ACL 'memberof' queue overload

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Wed, 13 Nov 2013 02:04:14 +0200

Hey,

"debug_options ALL,1 11,3 28,6 29,6 82,6"
And throw couple requests to the server

Eliezer

On 11/13/2013 01:58 AM, Andrey ‪ wrote:
> Hi Eliezer,
>
> yes it's working i got following lines related to LDAP in log:
>
> 2013/11/13 00:47:28.348| Acl.cc(336) matches: ACLList::matches: checking
> localhost
> 2013/11/13 00:47:28.348| Acl.cc(319) checklistMatches:
> ACL::checklistMatches: checking 'localhost'
> 2013/11/13 00:47:28.348| Ip.cc(560) match: aclIpMatchIp:
> '192.168.1.135:54208' NOT found
> 2013/11/13 00:47:28.348| Acl.cc(321) checklistMatches:
> ACL::ChecklistMatches: result for 'localhost' is 0
> 2013/11/13 00:47:28.348| Acl.cc(354) matches: localhost result is false
> 2013/11/13 00:47:28.348| Checklist.cc(275) matchNode: 0x7f655bf98768
> matched=0 async=0 finished=0
> 2013/11/13 00:47:28.348| Checklist.cc(299) matchNode: 0x7f655bf98768
> simple mismatch
> 2013/11/13 00:47:28.348| Checklist.cc(160) checkAccessList:
> 0x7f655bf98768 checking 'http_access deny !LDAP_Auth'
> 2013/11/13 00:47:28.348| Acl.cc(336) matches: ACLList::matches: checking
> !LDAP_Auth
> 2013/11/13 00:47:28.348| Acl.cc(319) checklistMatches:
> ACL::checklistMatches: checking 'LDAP_Auth'
> 2013/11/13 00:47:28.348| UserRequest.cc(360) authenticate: No connection
> authentication type
> 2013/11/13 00:47:28.348| UserRequest.cc(115) UserRequest: initialised
> request 0x7f655bf97520
> 2013/11/13 00:47:28.348| User.cc(67) User: Initialised auth_user
> '0x7f655bf95200'.
> 2013/11/13 00:47:28.348| User.cc(153) ~User: Freeing auth_user
> '0x7f655bf95200'.
> 2013/11/13 00:47:28.348| UserRequest.cc(93) valid: Validated.
> Auth::UserRequest '0x7f655bf97520'.
> 2013/11/13 00:47:28.349| UserRequest.cc(93) valid: Validated.
> Auth::UserRequest '0x7f655bf97520'.
> 2013/11/13 00:47:28.349| UserRequest.cc(93) valid: Validated.
> Auth::UserRequest '0x7f655bf97520'.
> 2013/11/13 00:47:28.349| Acl.cc(259) cacheMatchAcl: ACL::cacheMatchAcl:
> cache hit on acl 'LDAP_Auth' (0x7f655bc40a70)
> 2013/11/13 00:47:28.349| Acl.cc(321) checklistMatches:
> ACL::ChecklistMatches: result for 'LDAP_Auth' is 1
> 2013/11/13 00:47:28.349| Acl.cc(354) matches: !LDAP_Auth result is false
> 2013/11/13 00:47:28.349| Checklist.cc(275) matchNode: 0x7f655bf98768
> matched=0 async=0 finished=0
> 2013/11/13 00:47:28.349| Checklist.cc(299) matchNode: 0x7f655bf98768
> simple mismatch
> 2013/11/13 00:47:28.349| Checklist.cc(160) checkAccessList:
> 0x7f655bf98768 checking 'http_access deny !InetAccess'
> 2013/11/13 00:47:28.349| Acl.cc(336) matches: ACLList::matches: checking
> !InetAccess
> 2013/11/13 00:47:28.349| Acl.cc(319) checklistMatches:
> ACL::checklistMatches: checking 'InetAccess'
> 2013/11/13 00:47:28.349| external_acl.cc(826) aclMatchExternal: memberof
> check user authenticated.
> 2013/11/13 00:47:28.349| external_acl.cc(832) aclMatchExternal: memberof
> user is authenticated.
> 2013/11/13 00:47:28.349| external_acl.cc(856) aclMatchExternal:
> memberof("administrator InternetAccess") = lookup needed
> 2013/11/13 00:47:28.349| external_acl.cc(858) aclMatchExternal:
> "administrator InternetAccess": entry=@0, age=0
> 2013/11/13 00:47:28.349| WARNING: external ACL 'memberof' queue
> overload. Request rejected 'administrator InternetAccess'.
> 2013/11/13 00:47:28.349| Checklist.cc(146) markFinished: 0x7f655bf98768
> answer DUNNO for aclMatchExternal exception
> 2013/11/13 00:47:28.349| Acl.cc(321) checklistMatches:
> ACL::ChecklistMatches: result for 'InetAccess' is -1
> 2013/11/13 00:47:28.349| Acl.cc(354) matches: !InetAccess result is false
> 2013/11/13 00:47:28.349| Checklist.cc(275) matchNode: 0x7f655bf98768
> matched=0 async=0 finished=1
> 2013/11/13 00:47:28.349| Checklist.cc(294) matchNode: 0x7f655bf98768
> exception: DUNNO
> 2013/11/13 00:47:28.349| Checklist.cc(88) matchNonBlocking:
> ACLChecklist::check: 0x7f655bf98768 match found, calling back with DUNNO
> 2013/11/13 00:47:28.349| Checklist.cc(182) checkCallback:
> ACLChecklist::checkCallback: 0x7f655bf98768 answer=DUNNO
> 2013/11/13 00:47:28.349| FilledChecklist.cc(77) ~ACLFilledChecklist:
> ACLFilledChecklist destroyed 0x7fff35ef82a0
> 2013/11/13 00:47:28.349| Checklist.cc(334) ~ACLChecklist:
> ACLChecklist::~ACLChecklist: destroyed 0x7fff35ef82a0
> 2013/11/13 00:47:28.349| FilledChecklist.cc(77) ~ACLFilledChecklist:
> ACLFilledChecklist destroyed 0x7fff35ef82a0
> 2013/11/13 00:47:28.349| Checklist.cc(334) ~ACLChecklist:
> ACLChecklist::~ACLChecklist: destroyed 0x7fff35ef82a0
> 2013/11/13 00:47:28.349| UserRequest.cc(93) valid: Validated.
> Auth::UserRequest '0x7f655bf97520'.
> 2013/11/13 00:47:28.349| FilledChecklist.cc(77) ~ACLFilledChecklist:
> ACLFilledChecklist destroyed 0x7f655bf98768
> 2013/11/13 00:47:28.349| Checklist.cc(334) ~ACLChecklist:
> ACLChecklist::~ACLChecklist: destroyed 0x7f655bf98768
> 2013/11/13 00:47:28.350| FilledChecklist.cc(77) ~ACLFilledChecklist:
> ACLFilledChecklist destroyed 0x7f655bf98768
> 2013/11/13 00:47:28.350| Checklist.cc(334) ~ACLChecklist:
> ACLChecklist::~ACLChecklist: destroyed 0x7f655bf98768
> 2013/11/13 00:47:28.350| UserRequest.cc(121) ~UserRequest: freeing
> request 0x7f655bf97520
>
> But it is far from understanding for me. I see many HEX based addresses,
> what they are mean is not clear.
>
> Thank you.
Received on Wed Nov 13 2013 - 01:01:08 MST

This archive was generated by hypermail 2.2.0 : Wed Nov 13 2013 - 12:00:03 MST