PROBLEM WITH SQUIDGUARD + LDAP IN CENTOS 7

Post by lsilva19 » 2018/08/23 17:22:19

I have the following scenario and a problem. There is a CentOS 7 machine running Squid, which is authenticated to Windows Server Active Directory via NTLM. Squid authentication with AD is working perfectly. I also installed SquidGuard via RPM package to work with Shallalist. However, I want SquidGuard to search for the users in AD and perform the locks according to the groups that I define, which are "Premium, Professional and Basic". For this, in the SquidGuard.conf file I included the required lines for authentication and LDAP queries, as below:

logdir /var/log/squidGuard
dbhome /var/squidGuard/blacklists
ldapbinddn CN=squidguard,CN=Users,mydomain,DC=lan
ldapbindpass mypass
ldapprotover 3
ldapcachetime 300

# ACL Basic
src basic {
ldapusersearch ldap://myldapserver:3268/OU=Usuarios,DC=mydomain,DC=lan?sAMAccountName?sub?(&(sAMAccountName=%v)(memberOf=CN=Basic%2cOU=Squid%2cDC=mydomain%2cDC=lan))
log block.log
}

But this is not working. When I look at the squidGuard log in /var/log/squid/squidGuard.log I see the error:

(squidGuard): can't parse LDAP url ldap://myldapserver:3268/OU=Usuarios,DC=mydomain,DC=lan?sAMAccountName?sub?(&(sAMAccountName=%v)(memberOf=CN=Basic%2cOU=Squid%2cDC=mydomain%2cDC=lan))

And then:

Added LDAP source: test.basic

That is, apparently it is able to capture the logged-in user (test.basic is a test user); however, it cannot accept ldapusersearch and therefore is not performing the locks that I associated with the group this user is in, in this case "Basic".
It only blocks the sites that I put in the default "ACL" of SquidGuard.

Has anyone seen this error and managed to solve it?
