Univention Bugzilla – Bug 30553
Change default group behavior for squid and dansguardian
Last modified: 2013-04-03 11:23:12 CEST
Currently when activating any squid auth mechanism squid/auth/groups is checked and defaults to true, resulting in limiting squid usage to the default group www-access. This should be changed: By default no group memberships should be evaluated, and the default grouplist should be empty. Groups are defined in squid/ldapauth/groups. This is inconsistent and should be moved to squid/auth/allowed_groups. Dansguardians default config is based around the group www-access too, assigning all users to that groups rules by default. This default group should be renamed to defaultgroup.
Fixed in rev 39207 and 39205 univention-squid 6.0.6-1 and univention-dansguardian 6.0.2-1
squid: I think the update for squid/ldapauth/groups to squid/auth/allowed_groups in univention-squid.postinst could be a little improved: if is_ucr_true squid/basicauth || is_ucr_true squid/ntlmauth || is_ucr_true squid/krb5auth; then if [ -z "$(ucr get squid/auth/groups)" ] || is_ucr_true squid/auth/groups; then echo "squid/auth/allowed_groups = squid/ldapauth/groups || www-access" fi fi ucr unset squid/auth/groups squid/ldapauth/groups dansguardian: still find www-access in the dansguardian config: grep -r www-access * conffiles/etc/dansguardian/lists/filtergroupslist:groups = configRegistry.get( 'dansguardian/groups', 'www-access' ).split( ';' )
squid: univention-squid.postinst: squid/auth/allowed_groups?"" Is this necessary?
dansguardian: What is 'web-access' used for? grep -r web-acc * conffiles/etc/dansguardian/dansguardian.conf:groups = configRegistry.get( 'dansguardian/groups', 'web-access' ) conffiles/dansguardian-filtergroups.py: groups = configRegistry.get( 'dansguardian/groups', 'web-access' ).split( ';' )
Remainging references to www-access have been removed the univention.squid postinst script has been improved rev 39624 univention-dansguardian 6.0.3-3 rev 39623 univention-squid 6.0.7-1
OK Changelog entry exists.
UCS 3.1-1 has been released: http://download.univention.de/doc/release-notes-3.1-1_en.pdf http://download.univention.de/doc/release-notes-3.1-1.pdf If this error occurs again, please use "Clone This Bug".