Got it working.

external_acl_type ldap_group children=30 %LOGIN /usr/local/libexec/squid/squid_ldap_group -v 3 -R -b "DC=autopass" -D "cn=squid,ou= Internet,DC=autopass" -w "mypass" -f "(&(objectclass=person) (sAMAccountName=%v) (memberof=cn=%a,ou=Internet,dc=autopass))" -h 192.168.9.12 -p 389

Now I'm struggling to allow some sites for a specific group.

# Acesso Padrao group
acl ldapAcessoPadrao external ldap_group AcessoPadrao
# ACL with the sites allowed for Acesso Padrao
acl acesso_padrao dstdomain -i "/usr/local/squid/sites_acesso_padrao"
http_access allow ldapAcessoPadrao acesso_padrao

Does anyone have a suggestion?

2009/12/19 Giancarlo Rubio <[email protected]>:
> It will never work like that; replace the variables %v and %a.
> Get it working with the ldapsearch filter first and then change it in your squid_ldap.
>
> 2009/12/19 Ricardo Souza <[email protected]>
>
>> caos# ldapsearch -b "CN=squid,OU=Internet,DC=AUTOPASS" -D
>> "CN=squid,OU=Internet,DC=AUTOPASS" -w "nypass" -h 192.168.9.12:389
>>
>> "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=Internet,dc=autopass))"
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <CN=squid,OU=Internet,DC=AUTOPASS> with scope subtree
>> # filter:
>> (&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=Internet,dc=autopass))
>> # requesting: ALL
>> #
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 1
>> caos#
>>
>>
>> 2009/12/19 Giancarlo Rubio <[email protected]>:
>> > And with the filter below, does it work in ldapsearch??
>> >
>> > "(&(objectclass=person)(
>> > sAMAccountName=%v)(memberof=cn=%a,ou=Internet,dc=autopass))"
>> >
>> >
>> > 2009/12/19 Ricardo Souza <[email protected]>
>> >
>> >> I tested with ldapsearch like this.
>> >> The damn syntax is different.
>> >>
>> >>
>> >> ldapsearch -b "CN=squid,OU=Internet,DC=AUTOPASS" -D
>> >> "CN=squid,OU=Internet,DC=AUTOPASS" -w "mypass" -h 192.168.9.12:389
>> >> # extended LDIF
>> >> #
>> >> # LDAPv3
>> >> # base <CN=squid,OU=Internet,DC=AUTOPASS> with scope subtree
>> >> # filter: (objectclass=*)
>> >> # requesting: ALL
>> >> #
>> >>
>> >> # squid, Internet, AUTOPASS
>> >> dn: CN=squid,OU=Internet,DC=AUTOPASS
>> >> objectClass: top
>> >> objectClass: person
>> >> objectClass: organizationalPerson
>> >> objectClass: user
>> >> cn: squid
>> >> givenName: squid
>> >> distinguishedName: CN=squid,OU=Internet,DC=AUTOPASS
>> >> instanceType: 4
>> >> whenCreated: 20091218193058.0Z
>> >> whenChanged: 20091218193212.0Z
>> >>
>> >>
>> >> caos# /usr/local/libexec/squid/squid_ldap_group -b
>> >> "CN=squid,OU=Internet,DC=AUTOPASS" -D
>> >> "CN=squid,OU=Internet,DC=AUTOPASS" -w "squid123qwe" -h
>> >> 192.168.9.12:389 -f
>> >>
>> >> "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=Internet,dc=autopass))"
>> >> -B "DC=AUTOPASS"
>> >> squid squid123qwe
>> >> ERR
>> >>
>> >>
>> >> 2009/12/19 Giancarlo Rubio <[email protected]>:
>> >> > 2009/12/19 Ricardo Souza <[email protected]>
>> >> >
>> >> >> Does anyone here use squid_ldap_group to query an AD on Windows 2008?
>> >> >>
>> >> >> The squid user is in
>> >> >> Ou=Internet,DC=AUTOPASS.
>> >> >> I can't get the query to work.
>> >> >>
>> >> >>
>> >> >> caos# /usr/local/libexec/squid/squid_ldap_group -b
>> >> >> "CN=squid,OU=Internet,DC=autopass" -D
>> >> >> "cn=squid,ou=internet,dc=autopass" -w "mypass" -f '(&(uid=%u))' -h
>> >> >> 192.168.9.12 -p 389 -v3
>> >> >> squid mypass
>> >> >> ERR
>> >> >>
>> >> >
>> >> > I don't use it, but one tip would be to try to get the filter working with
>> >> > ldapsearch and then implement it using squid_ldap_auth.
>> >> >
>> >> > --
>> >> > Giancarlo Rubio
>> >> > -------------------------
>> >> > Archive: http://www.fug.com.br/historico/html/freebsd/
>> >> > Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
>> >
>> > --
>> > Giancarlo Rubio
>
> --
> Giancarlo Rubio
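
The ldapsearch runs quoted in this thread pass the filter with %v and %a still in it, so the directory is searched for those literal strings. The script below is an example added here, not part of the thread and not Squid code: it expands the filter template for a given user and group so the result can be tested with ldapsearch. It assumes %v is the login and %a the group name, as in the external_acl_type line at the top, and escapes both values per RFC 4515; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: expand a squid_ldap_group filter template for an ldapsearch test.
# Assumption: %v is the login name and %a the group name, as in the
# external_acl_type line at the top of the thread.

# Escape a value for use inside an LDAP search filter (RFC 4515):
# backslash first, then * ( ) so the added backslashes are not re-escaped.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# expand_filter TEMPLATE USER GROUP
# Single left-to-right pass, so a "%a" inside the user name is never expanded.
expand_filter() {
    tpl=$1
    user=$(ldap_escape "$2")
    group=$(ldap_escape "$3")
    out=
    while [ -n "$tpl" ]; do
        case $tpl in
            %v*) out=$out$user;  tpl=${tpl#??} ;;
            %a*) out=$out$group; tpl=${tpl#??} ;;
            *)   out=$out${tpl%"${tpl#?}"}; tpl=${tpl#?} ;;
        esac
    done
    printf '%s\n' "$out"
}

# Filter template from the thread; user and group are the ones it mentions.
TEMPLATE='(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=Internet,dc=autopass))'
expand_filter "$TEMPLATE" squid AcessoPadrao

# The expanded string is what goes on the ldapsearch command line in place of
# the literal %v/%a filter, e.g. (not run here, it needs the directory server;
# -W prompts for the bind password instead of taking it as an argument):
#   ldapsearch -b "DC=autopass" -D "cn=squid,ou=Internet,DC=autopass" -W \
#     -h 192.168.9.12 -p 389 "$(expand_filter "$TEMPLATE" squid AcessoPadrao)"
```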

