SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0000921: Active Directory And Squid Problem - MantisBT Endian Bugtracker
Endian Issue Tracker

Please see now our new Bugtracker system: JIRA

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0000921Endian FirewallApplication Level Proxiespublic2008-06-06 18:382008-09-10 15:44
Assigned Tosimon-endian 
PlatformOSOS Version
Product Version2.2-rc1 
Target Version2.2-rc3Fixed in Version2.2-rc2 
Summary0000921: Active Directory And Squid Problem
DescriptionI was trying to authenticate Endian Squid users against an Active Directory,
but after some tests, I figure out that's Endian wrote a wrong squid.conf file
for my AD.

 First Endian is missing "-v 3" when use with "Active Directory" LDAP option.

 Second, Endian is allways missing the first LDAP level after the AD BaseDN, for

 I have:

 But Endian wrotes a squid.conf like this:

 Again I have:

 But Endian wrotes a squid.conf like this:

Additional InformationHere my diff from squid.conf generated by Endian and my squid.conf finaly
working against my Active directory:

root@efw:/etc/squid # diff -Nru squid.conf squid.conf-OK
--- squid.conf 2008-06-04 21:03:38.000000000 -0300
+++ squid.conf-OK 2008-06-04 20:29:06.000000000 -0300
@@ -63,16 +63,16 @@

-auth_param basic program /usr/lib/squid/squid_ldap_auth -b "DC=teste,DC=com" -d -D "CN=Administrador,CN=Users,DC=teste,DC=com" -w "PASSWORD" -f "(&(&(objectClass=person)(sAMAccountName=%s))(|(memberOf=cn=Administradores,DC=teste,DC=com)(memberOf=cn=Internet,DC=teste,DC=com)))" -u sAMAccountName -P
+auth_param basic program /usr/lib/squid/squid_ldap_auth -v 3 -b "DC=teste,DC=com" -d -D "CN=Administrador,CN=Users,DC=teste,DC=com" -w "PASSWORD" -f "(&(&(objectClass=person)(sAMAccountName=%s))(|(memberOf=cn=Administradores,DC=teste,DC=com)(memberOf=cn=Internet,CN=Users,DC=teste,DC=com)))" -u sAMAccountName -P
 auth_param basic children 20
 auth_param basic realm Endian Advanced Proxy Server
 auth_param basic credentialsttl 60 minutes

-external_acl_type ldap_group ttl=300 %LOGIN /usr/lib/squid/squid_ldap_group -b "DC=teste,DC=com" -d -D "CN=Administrador,CN=Users,DC=teste,DC=com" -w "PASSWORD" -f "(&(&(objectClass=person)(sAMAccountName=%u))(memberOf=%g))" -P
+external_acl_type ldap_group ttl=300 %LOGIN /usr/lib/squid/squid_ldap_group -v 3 -b "DC=teste,DC=com" -d -D "CN=Administrador,CN=Users,DC=teste,DC=com"-w "PASSWORD" -f "(&(&(objectClass=person)(sAMAccountName=%u))(memberOf=%g))" -P

-acl for_group1_users external ldap_group cn=Administradores,DC=teste,DC=com
-acl for_group3_users external ldap_group cn=Internet,DC=teste,DC=com
+acl for_group1_users external ldap_group cn=Administradores,CN=Builtin,DC=teste,DC=com
+acl for_group3_users external ldap_group cn=Internet,CN=Users,DC=teste,DC=com
 acl for_inetusers proxy_auth REQUIRED

 Has all of you can see, Endian is missing "CN=Builtin", "CN=Users" and "-v 3"
from configurarion. I guess it's a problem with ldap_enabled_groups variable.
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
Anonymous (viewer)
2008-06-16 14:45

where is the patch ?
simon-endian (developer)
2008-07-10 09:04

it will be included in the 2.2 rc2

- Issue History
Date Modified Username Field Change
2008-06-06 18:38 danielgines New Issue
2008-06-06 18:55 peter-endian Assigned To => simon-endian
2008-06-06 18:55 peter-endian Status new => assigned
2008-06-06 18:55 peter-endian Target Version => 2.2
2008-06-12 13:23 simon-endian Status assigned => resolved
2008-06-12 13:23 simon-endian Fixed in Version => 2.2
2008-06-12 13:23 simon-endian Resolution open => fixed
2008-06-16 14:45 Anonymous Status resolved => feedback
2008-06-16 14:45 Anonymous Resolution fixed => reopened
2008-06-16 14:45 Anonymous Note Added: 0001318
2008-07-10 09:04 simon-endian Note Added: 0001431
2008-07-10 09:04 simon-endian Status feedback => closed
2008-07-10 09:04 simon-endian Resolution reopened => fixed
2008-07-10 09:04 simon-endian Fixed in Version 2.2 => 2.2-rc2
2008-09-10 15:44 chris-endian Target Version 2.2 => 2.2-rc3

Copyright © 2005-2008 Endian, SRL. All rights reserved.

Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker