Hi,
I have a setup of squid3 with ntlm authen and I use squidGuard 1.5 to filter my web traffic.
My squid3 is authenticating users properly and parsing all rules. The problem is with squidguard which doesn't seem to filter out users. below is my squidguard config.
Code:
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/log
ldapbinddn "cn=Ldap,cn=Users,dc=domain,dc=com"
ldapbindpass secretpass
ldapcachetime 300
ldapprotover 3
src Allowed_Top_Mgmt {
ldapusersearch "ldap://host.domain.com:3268/dc=domain,dc=com?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=cn=Allowed_Full_Proxy_Users%2cou=Group%20Accounts%2cdc=domain%2cdc=com))"
}
dest ads {
domainlist ads/domains
urllist ads/urls
redirect http://192.168.100.195/blocked.html
}
acl {
Allowed-Top-Mgmt {
pass !ads all
redirect http://192.168.100.195/blocked.html
}
default {
pass none
redirect http://192.168.100.195/blocked.html
}
}
My squidguard logs have these messages.
Code:
[30393] (squidGuard): ldap_search_ext_s failed: Bad search filter (params: dc=domain,dc=com, 2, (&(sAMAccountName=domain\peter.hank)(memberOf=cn=Allowed_Full_Proxy_Users,ou=Group Accounts,dc=domain,dc=com)), sAMAccountName)
2011-03-21 18:44:51 [30393] Added LDAP source: domain%5cpeter.hank
2011-03-21 18:44:51 [30393] DEBUG: sgFindUser called with: domain%5cpeter.hank
peter.hank user is unable to access anything or any other user from other group is not able to access anything. Peter.hank is a member of the above defined group, I have cross checked it.
Please do give me some ways to test ldapuser. Some pointers would even work.
Thanks