[squid-users] squid and group_ldap_auth problem

From: Dirk Datzert <Dirk.Datzert@dont-contact.us>
Date: Sun, 18 Mar 2001 11:08:34 +0100

Hi to All,

I searched the mail archives and FAQ for a solution for the following
problem:

With squid-2.2.STABLE5, squid-2.3.STABLE3 or squid-2.3.STABLE4 with
latest patches and the group_ldap_auth program I want to authenticate
users to an LDAP of a special group.

Using Linux 2.2.16 from SuSE 7.0 with OpenLDAP 1.2.11, Apache 1.3.9

As I request my apache thru squid a connection to openldap is done but
no Authentication box is opened by Netscape. After that the squid seems
to restart new group_ldap_auth tasks.

Here are my squid.conf and cache.log:

-- START --- squid.conf ---

# TAG: authenticate_program
#authenticate_program none

# TAG: authenticate_children
#authenticate_children 5

# TAG: authenticate_ttl
#authenticate_ttl 3600

# TAG: ldap_auth_program
ldap_auth_program /usr/sbin/group_ldap_auth "o=datzert,c=de" localhost 389

# TAG: ldap_auth_children
#ldap_auth_children 5

# TAG: ldap_auth_cache_size
#ldap_auth_cache_size 64

# TAG: ldap_auth_cache_ttl
#ldap_auth_cache_ttl 3600

# TAG: ldap_auth_cache_ip_ttl
#ldap_auth_cache_ip_ttl 0

# ACCESS CONTROLS
# -----------------------------------------------------------------------------

# TAG: acl
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl CONNECT method CONNECT

acl ldap ldap_auth REQUIRED # or acl ldap ldap_auth OK REQUIRED

# TAG: http_access
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
http_access allow ldap all
http_access deny all

-- END --- squid.conf ---

-- START --- cache.log ---
2001/03/17 19:21:31| eventRun: RUN ID 44
2001/03/17 19:21:31| eventRun: Running 'MaintainSwapSpace', id 42
2001/03/17 19:21:31| eventAdd: Adding 'MaintainSwapSpace', in 1.000000
seconds
2001/03/17 19:21:31| storeMaintainSwapSpace: f=0.000000, max_scan=100,
max_remove=10
2001/03/17 19:21:31| storeMaintainSwapSpace: scanned 21/100 removed 0/10
locked 21 f=0.000
2001/03/17 19:21:31| storeMaintainSwapSpace stats:
2001/03/17 19:21:31| 21 objects
2001/03/17 19:21:31| 21 were scanned
2001/03/17 19:21:31| 21 were locked
2001/03/17 19:21:31| 0 were expired
2001/03/17 19:21:31| comm_poll: 1 FDs ready
2001/03/17 19:21:31| comm_poll: FD 17 ready for reading
2001/03/17 19:21:31| clientReadRequest: FD 17: reading request...
2001/03/17 19:21:31| commSetSelect: FD 17 type 1
2001/03/17 19:21:31| parseHttpRequest: Method is 'GET'
2001/03/17 19:21:31| parseHttpRequest: URI is 'http://localhost/'
2001/03/17 19:21:31| parseHttpRequest: req_hdr = {Proxy-Connection:
Keep-Alive
User-Agent: Mozilla/4.74 [de] (X11; U; Linux 2.2.16 i686)
Host: localhost
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png,
*/*
Accept-Encoding: gzip
Accept-Language: de, en
Accept-Charset: iso-8859-1,*,utf-8
Cookie: webcalendar_login=admin

}
2001/03/17 19:21:31| parseHttpRequest: end = {}
2001/03/17 19:21:31| parseHttpRequest: prefix_sz = 334, req_line_sz = 32

2001/03/17 19:21:31| cbdataAdd: 0x8454cf8
2001/03/17 19:21:31| parseHttpRequest: Request Header is
Proxy-Connection: Keep-Alive
User-Agent: Mozilla/4.74 [de] (X11; U; Linux 2.2.16 i686)
Host: localhost
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png,
*/*
Accept-Encoding: gzip
Accept-Language: de, en
Accept-Charset: iso-8859-1,*,utf-8
Cookie: webcalendar_login=admin

2001/03/17 19:21:31| parseHttpRequest: Complete request received
2001/03/17 19:21:31| conn->in.offset = 0
2001/03/17 19:21:31| commSetTimeout: FD 17 timeout 86400
2001/03/17 19:21:31| init-ing hdr: 0x8433444 owner: 2
2001/03/17 19:21:31| parsing hdr: (0x8433444)
Proxy-Connection: Keep-Alive
User-Agent: Mozilla/4.74 [de] (X11; U; Linux 2.2.16 i686)
Host: localhost
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png,
*/*
Accept-Encoding: gzip
Accept-Language: de, en
Accept-Charset: iso-8859-1,*,utf-8
Cookie: webcalendar_login=admin

2001/03/17 19:21:31| creating entry 0x8454bc8: near 'Proxy-Connection:
Keep-Alive'
2001/03/17 19:21:31| created entry 0x8454bc8: 'Proxy-Connection:
Keep-Alive'
2001/03/17 19:21:31| 0x8433444 adding entry: 36 at 0
2001/03/17 19:21:31| creating entry 0x8454c50: near 'User-Agent:
Mozilla/4.74 [de] (X11; U; Linux 2.2.16 i686)'
2001/03/17 19:21:31| created entry 0x8454c50: 'User-Agent: Mozilla/4.74
[de] (X11; U; Linux 2.2.16 i686)'
2001/03/17 19:21:31| 0x8433444 adding entry: 46 at 1
2001/03/17 19:21:31| creating entry 0x8454c68: near 'Host: localhost'
2001/03/17 19:21:31| created entry 0x8454c68: 'Host: localhost'
2001/03/17 19:21:31| 0x8433444 adding entry: 23 at 2
2001/03/17 19:21:31| creating entry 0x8454ca8: near 'Accept: image/gif,
image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*'
2001/03/17 19:21:31| created entry 0x8454ca8: 'Accept: image/gif,
image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*'
2001/03/17 19:21:31| 0x8433444 adding entry: 0 at 3
2001/03/17 19:21:31| creating entry 0x8454cc0: near 'Accept-Encoding:
gzip'
2001/03/17 19:21:31| created entry 0x8454cc0: 'Accept-Encoding: gzip'
2001/03/17 19:21:31| 0x8433444 adding entry: 2 at 4
2001/03/17 19:21:31| creating entry 0x8454cd8: near 'Accept-Language:
de, en'
2001/03/17 19:21:31| created entry 0x8454cd8: 'Accept-Language: de, en'
2001/03/17 19:21:31| 0x8433444 adding entry: 3 at 5
2001/03/17 19:21:31| creating entry 0x8455128: near 'Accept-Charset:
iso-8859-1,*,utf-8'
2001/03/17 19:21:31| created entry 0x8455128: 'Accept-Charset:
iso-8859-1,*,utf-8'
2001/03/17 19:21:31| 0x8433444 adding entry: 1 at 6
2001/03/17 19:21:31| creating entry 0x8455168: near 'Cookie:
webcalendar_login=admin'
2001/03/17 19:21:31| created entry 0x8455168: 'Cookie:
webcalendar_login=admin'
2001/03/17 19:21:31| 0x8433444 adding entry: 18 at 7
2001/03/17 19:21:31| clientSetKeepaliveFlag: http_ver = 1.0
2001/03/17 19:21:31| clientSetKeepaliveFlag: method = GET
2001/03/17 19:21:31| 0x8433444 lookup for 48
2001/03/17 19:21:31| 0x8433444 lookup for 36
2001/03/17 19:21:31| 0x8433444: joining for id 36
2001/03/17 19:21:31| 0x8433444: joined for id 36: Keep-Alive
2001/03/17 19:21:31| cbdataAdd: 0x8454f68
2001/03/17 19:21:31| cbdataLock: 0x8231a38
2001/03/17 19:21:31| cbdataLock: 0x841dbd0
2001/03/17 19:21:31| cbdataLock: 0x8454cf8
2001/03/17 19:21:31| cbdataValid: 0x8231a38
2001/03/17 19:21:31| aclCheck: checking 'http_access allow manager
localhost'
2001/03/17 19:21:31| aclMatchAclList: checking manager
2001/03/17 19:21:31| aclMatchAcl: checking 'acl manager proto
cache_object'
2001/03/17 19:21:31| aclMatchAclList: returning 0
2001/03/17 19:21:31| cbdataUnlock: 0x8231a38
2001/03/17 19:21:31| cbdataLock: 0x8231ba0
2001/03/17 19:21:31| cbdataValid: 0x8231ba0
2001/03/17 19:21:31| aclCheck: checking 'http_access deny manager'
2001/03/17 19:21:31| aclMatchAclList: checking manager
2001/03/17 19:21:31| aclMatchAcl: checking 'acl manager proto
cache_object'
2001/03/17 19:21:31| aclMatchAclList: returning 0
2001/03/17 19:21:31| cbdataUnlock: 0x8231ba0
2001/03/17 19:21:31| cbdataLock: 0x8231c08
2001/03/17 19:21:31| cbdataValid: 0x8231c08
2001/03/17 19:21:31| aclCheck: checking 'http_access deny !Safe_ports'
2001/03/17 19:21:31| aclMatchAclList: checking !Safe_ports
2001/03/17 19:21:31| aclMatchAcl: checking 'acl Safe_ports port 80 21
443 563 70 210 1025-65535'
2001/03/17 19:21:31| aclMatchAclList: returning 0
2001/03/17 19:21:31| cbdataUnlock: 0x8231c08
2001/03/17 19:21:31| cbdataLock: 0x8231c78
2001/03/17 19:21:31| cbdataValid: 0x8231c78
2001/03/17 19:21:31| aclCheck: checking 'http_access deny CONNECT
!SSL_ports'
2001/03/17 19:21:31| aclMatchAclList: checking CONNECT
2001/03/17 19:21:31| aclMatchAcl: checking 'acl CONNECT method CONNECT'
2001/03/17 19:21:31| aclMatchAclList: returning 0
2001/03/17 19:21:31| cbdataUnlock: 0x8231c78
2001/03/17 19:21:31| cbdataLock: 0x82345f8
2001/03/17 19:21:31| cbdataValid: 0x82345f8
2001/03/17 19:21:31| aclCheck: checking 'http_access allow ldap all'
2001/03/17 19:21:31| aclMatchAclList: checking ldap
2001/03/17 19:21:31| aclMatchAcl: checking 'acl ldap ldap_auth static OK
REQUIRED'
2001/03/17 19:21:31| aclMatchAclList: returning 0
2001/03/17 19:21:31| aclCheck: checking password via authenticator
2001/03/17 19:21:31| assertion failed: acl.c:1346: "ok"
2001/03/17 19:21:34| Starting Squid Cache version 2.3.STABLE3-ldap_auth
for i686-pc-linux-gnu...
2001/03/17 19:21:34| Process ID 1106
2001/03/17 19:21:34| With 1024 file descriptors available
2001/03/17 19:21:34| DNS Socket created on FD 2
2001/03/17 19:21:34| Adding nameserver 212.185.248.84 from
/etc/resolv.conf
2001/03/17 19:21:34| Adding nameserver 194.25.2.129 from
/etc/resolv.conf
2001/03/17 19:21:34| helperOpenServers: Starting 5 'group_ldap_auth'
processes
2001/03/17 19:21:34| Unlinkd pipe opened on FD 12
2001/03/17 19:21:34| Swap maxSize 40960 KB, estimated 6826 objects
2001/03/17 19:21:34| Target number of buckets: 136
2001/03/17 19:21:34| Using 8192 Store buckets
2001/03/17 19:21:34| Max Mem size: 8192 KB
2001/03/17 19:21:34| Max Swap size: 40960 KB
2001/03/17 19:21:34| Rebuilding storage in /var/squid/cache (DIRTY)
2001/03/17 19:21:34| Set Current Directory to /var/squid/cache
2001/03/17 19:21:34| Loaded Icons.
2001/03/17 19:21:34| Accepting HTTP connections at 0.0.0.0, port 3128,
FD 13.
2001/03/17 19:21:34| Accepting ICP messages at 0.0.0.0, port 3130, FD
14.
2001/03/17 19:21:34| Accepting HTCP messages on port 0, FD 15.
2001/03/17 19:21:34| WCCP Disabled.
2001/03/17 19:21:34| Ready to serve requests.
2001/03/17 19:21:34| Done scanning /var/squid/cache swaplog (0 entries)
2001/03/17 19:21:34| Finished rebuilding storage from disk.
2001/03/17 19:21:34| 0 Entries scanned
2001/03/17 19:21:34| 0 Invalid entries.
2001/03/17 19:21:34| 0 With invalid flags.
2001/03/17 19:21:34| 0 Objects loaded.
2001/03/17 19:21:34| 0 Objects expired.
2001/03/17 19:21:34| 0 Objects cancelled.
2001/03/17 19:21:34| 0 Duplicate URLs purged.
2001/03/17 19:21:34| 0 Swapfile clashes avoided.
2001/03/17 19:21:34| Took 0.6 seconds ( 0.0 objects/sec).
2001/03/17 19:21:34| Beginning Validation Procedure
2001/03/17 19:21:34| Completed Validation Procedure
2001/03/17 19:21:34| Validated 0 Entries
2001/03/17 19:21:34| store_swap_size = 21k
2001/03/17 19:21:35| storeLateRelease: released 0 objects
2001/03/17 19:21:39| Preparing for shutdown after 0 requests
2001/03/17 19:21:39| Waiting 30 seconds for active connections to finish

2001/03/17 19:21:39| FD 13 Closing HTTP connection
2001/03/17 19:21:41| Shutting down...
2001/03/17 19:21:41| FD 14 Closing ICP connection
2001/03/17 19:21:41| FD 15 Closing HTCP socket
2001/03/17 19:21:41| Closing unlinkd pipe on FD 12
2001/03/17 19:21:41| storeDirWriteCleanLogs: Starting...
2001/03/17 19:21:41| Finished. Wrote 0 entries.
2001/03/17 19:21:41| Took 0.0 seconds ( 0.0 entries/sec).
CPU Usage: 0.130 seconds = 0.070 user + 0.060 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 311
Memory usage for squid via mallinfo():
 total space in arena: 2213 KB
 Ordinary blocks: 2195 KB 14 blks
 Small blocks: 0 KB 0 blks
 Holding blocks: 176 KB 1 blks
 Free Small blocks: 0 KB
 Free Ordinary blocks: 17 KB
 Total in use: 2371 KB 107%
 Total free: 17 KB 1%
2001/03/17 19:21:41| Squid Cache (Version 2.3.STABLE3-ldap_auth):
Exiting normally.

-- END --- cache.log ---

Best Regards,
Dirk Datzert
Received on Sun Mar 18 2001 - 03:08:55 MST
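
Added example (not part of the original post, and not Squid project code): a Python triage helper that re-joins the mail-wrapped cache.log records and reports, for each assertion failure, the http_access rule and ACL that were being evaluated and the version string of the restart that followed. The function names are assumptions for illustration; SAMPLE_LOG is a short excerpt of the log quoted above.

```python
import re

# Excerpt of the cache.log lines quoted in the post, mail wrapping included.
SAMPLE_LOG = """\
2001/03/17 19:21:31| aclCheck: checking 'http_access deny CONNECT
!SSL_ports'
2001/03/17 19:21:31| aclCheck: checking 'http_access allow ldap all'
2001/03/17 19:21:31| aclMatchAcl: checking 'acl ldap ldap_auth static OK
REQUIRED'
2001/03/17 19:21:31| aclCheck: checking password via authenticator
2001/03/17 19:21:31| assertion failed: acl.c:1346: "ok"
2001/03/17 19:21:34| Starting Squid Cache version 2.3.STABLE3-ldap_auth
for i686-pc-linux-gnu...
"""

STAMP = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\| ?(.*)$")
RULE = re.compile(r"aclCheck: checking '(.+)'$")
ACL = re.compile(r"aclMatchAcl: checking '(.+)'$")
ASSERT = re.compile(r'assertion failed: (\S+):(\d+): "(.*)"')
START = re.compile(r"Starting Squid Cache version (\S+)")

def unwrap(text):
    """Re-join wrapped continuation lines onto their timestamped record."""
    records = []
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            records.append([m.group(1), m.group(2)])
        elif records and line.strip():
            records[-1][1] += " " + line.strip()
    return records

def find_crashes(text):
    """Return one dict per assertion failure with the ACL context before it."""
    crashes, rule, acl = [], None, None
    for ts, msg in unwrap(text):
        if m := RULE.search(msg):
            rule, acl = m.group(1), None      # new http_access rule under test
        elif m := ACL.search(msg):
            acl = m.group(1)                  # last ACL evaluated for that rule
        elif m := ASSERT.search(msg):
            crashes.append({"time": ts, "file": m.group(1),
                            "line": int(m.group(2)), "expr": m.group(3),
                            "rule": rule, "acl": acl, "restarted_as": None})
        elif (m := START.search(msg)) and crashes:
            if crashes[-1]["restarted_as"] is None:
                crashes[-1]["restarted_as"] = m.group(1)
            rule = acl = None                 # fresh process, drop old context
    return crashes
```

Calling find_crashes() on the full text of a cache.log gives the same report for every assertion failure in the file.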
