Univention Bugzilla – Bug 30969
Change default group behavior for squid and dansguardian
Last modified: 2013-04-10 08:48:59 CEST
With UCS 3.1-1 the behaviour of squid.conf changed: if configRegistry.get("squid/auth/allowed_groups") != "": If allowed_groups is not equal to the empty string (e.g. the variable is unset and get() returns the value None), the default squid groups will be activated. This breaks the proxy config on all UCS@school installations. Workaround: ucr set squid/auth/allowed_groups="" Sidenote: If the variable squid/allowfrom gets changed, /etc/squid3/squid.conf does not get recreated from UCR template. +++ This bug was initially created as a clone of Bug #30553 +++ Currently when activating any squid auth mechanism squid/auth/groups is checked and defaults to true, resulting in limiting squid usage to the default group www-access. This should be changed: By default no group memberships should be evaluated, and the default grouplist should be empty. Groups are defined in squid/ldapauth/groups. This is inconsistent and should be moved to squid/auth/allowed_groups. Dansguardians default config is based around the group www-access too, assigning all users to that groups rules by default. This default group should be renamed to defaultgroup.
(In reply to comment #0) > Sidenote: > If the variable squid/allowfrom gets changed, /etc/squid3/squid.conf does not > get recreated from UCR template. Ignore this. I changed the outdated variable "proxy/allowfrom" and mixed it up.
Fixed in errata3.1-1: univention-squid 6.0.8-2.195.201304031424 ucs3.1-2: univention-squid 6.0.9-1.196.201304031432 Changelog and yaml created. 2013-04-03-univention-squid.yaml
OK errata 3.1-1 OK advisory OK 3.1-2 OK changelog 3.1-2
http://errata.univention.de/3.1-errata84.html
*** Bug 31003 has been marked as a duplicate of this bug. ***