Amos Just done some early testing of 3.2.0.5 over the last few days and am having some trouble with LDAP acls. Haven't fully concluded my testing but have found when doing multiple LDAP lookups that the behaviour has changed from my working 3.1.3 release.
Relevant configuration below. What I have determined is that it works for the first and second " acl InetAccess_x external InetGroup Internet_Access_x", ie where user is in either of the first 2 LDAP groups checked but not any of the subsequent ones. This config works fine at 3.1.3 Still more testing/proving to do but thought I would give an early heads up. Regards Steve auth_param basic program /usr/acme001/Squid/libexec/basic_ldap_auth -b "O=COMPANY" -f uid=%s -c 2 -t 2 -v 3 -h 10.xxx.xxx.xxx,10.xxx.xxx.xxx auth_param basic realm acme001 Internet Access - Level 0 Support Testing Only external_acl_type InetGroup %LOGIN /usr/acme001/Squid/libexec/ext_ldap_group_acl -b "" -f "(&(cn=%g)(objectClass=groupOfNames)(member=%u))" -B "" -F "(&(uid=%s)(objectClass=Person))" -c 2 -t 2 -v 3 -h 10.xxx.xxx.xxx,10.xxx.xxx.xxx acl localnet proxy_auth REQUIRED src 10.0.0.0/8 acl InetAccess_A external InetGroup Internet_Access_A acl InetAccess_B external InetGroup Internet_Access_B acl InetAccess_C external InetGroup Internet_Access_C acl InetAccess_D external InetGroup Internet_Access_D acl InetAccess_E external InetGroup Internet_Access_E acl InetAccess_F external InetGroup Internet_Access_F acl InetAccess_G external InetGroup Internet_Access_G acl InetAccess_H external InetGroup Internet_Access_H acl InetAccess_I external InetGroup Internet_Access_I acl InetAccess_J external InetGroup Internet_Access_J acl InetAccess_K external InetGroup Internet_Access_K acl InetAccess_L external InetGroup Internet_Access_L acl InetAccess_M external InetGroup Internet_Access_M acl InetAccess_N external InetGroup Internet_Access_N acl InetAccess_O external InetGroup Internet_Access_O acl InetAccess_P external InetGroup Internet_Access_P acl InetAccess_Q external InetGroup Internet_Access_Q acl InetAccess_R external InetGroup Internet_Access_R acl InetAccess_S external InetGroup Internet_Access_S acl InetAccess_T external InetGroup Internet_Access_T acl InetAccess_U external InetGroup Internet_Access_U acl InetAccess_V external InetGroup Internet_Access_V acl InetAccess_W external InetGroup Internet_Access_W acl InetAccess_X external InetGroup Internet_Access_X acl InetAccess_Y external InetGroup Internet_Access_Y acl InetAccess_Z external InetGroup Internet_Access_Z http_access allow InetAccess_A http_access allow InetAccess_B http_access allow InetAccess_C http_access allow InetAccess_D http_access allow InetAccess_E http_access allow InetAccess_F http_access allow InetAccess_G http_access allow InetAccess_H http_access allow InetAccess_I http_access allow InetAccess_J http_access allow InetAccess_K http_access allow InetAccess_L http_access allow InetAccess_M http_access allow InetAccess_N http_access allow InetAccess_O http_access allow InetAccess_P http_access allow InetAccess_Q http_access allow InetAccess_R http_access allow InetAccess_S http_access allow InetAccess_T http_access allow InetAccess_U http_access allow InetAccess_V http_access allow InetAccess_W http_access allow InetAccess_X http_access allow InetAccess_Y http_access allow InetAccess_Z -----Original Message----- From: Amos Jeffries [mailto:[email protected]] Sent: 28 February 2011 02:35 To: [email protected] Subject: 3.2 release checkup The long-term plan I have was hoping to release 3.2 stable next weekend (yeah right!). These are the issues I know if still holding us at step 3 (beta) on the release checklist: (http://wiki.squid-cache.org/ReleaseProcess) * auth crashes in Negotiate and NTLM - Amos. * IPv6 split-stack incomplete (multiple OS require this) - Amos. * StringNG upgrade merged - Kinkie, Alex ? * SMP cache/store support (RockStore) - Alex * 8 bugs major or higher outstanding from 3.0 stable * 26 bugs major or higher outstanding from 3.1 stable (several will be resolved by the above work) Could I get an estimate of how much longer these are likely to take please? Also, if there are other issues you see not mentioned, please let me know or ensure the bug about it is marked an appropriate level of severity. Additional important issues with less urgency: * Windows support - Amos, Kinkie, Guido ? * stale-while-revalidate ** requires async revalidation, which is blocked by store changes Amos
