Univention Bugzilla – Bug 31003
squid/auth/allowed_groups weird interpretation in template /etc/univention/templates/files/etc/squid3/squid.conf
Last modified: 2013-04-10 08:48:59 CEST
I had on a UCS 3.1 installation with ucs@school some trouble with the squid proxy. I found out that there is a rule called inetusers, and this reference to the file /etc/squid3/allowed_ldap_groups.conf. Problem, i havent set the variable squid/auth/allowed_groups so the file was empty, but the rule was still in the config. Therefor, when you unset the variable the template jumps still in the if clause: if configRegistry.get("squid/auth/allowed_groups") != "": print "# Allow access based on ldap group membership" ldapGroup = 'external_acl_type ldap_group %LOGIN /usr/lib/squid3/squid_ldap_group' ldapGroup += ' -h %s' % configRegistry.get("ldap/server/name", "") ldapGroup += ' -p %d' % int(configRegistry.get("ldap/server/port", 7389)) ldapGroup += ' -B "%s"' % configRegistry.get("ldap/base", "") ldapGroup += ' -b "%s"' % configRegistry.get("ldap/base", "") ldapGroup += ' -D "%s"' % configRegistry.get("ldap/hostdn", "") if configRegistry.is_true('squid/ntlmauth'): ldapGroup += ' -S' if configRegistry.is_true('squid/krb5auth'): ldapGroup += ' -K' ldapGroup += ' -s sub' ldapGroup += ' -F "(uid=%s)"' ldapGroup += ' -W /etc/squid3.secret' ldapGroup += ' -f "(&(objectclass=univentionGroup)(uniqueMember=%u)(cn=%g))"' print ldapGroup print 'acl inetusers external ldap_group "/etc/squid3/allowed_ldap_groups.conf"' print 'http_access deny !inetusers' Maybe it would be smarter to check if the variable is set at all? All the best Roman
This bug should be fixed in errata84: http://errata.univention.de/3.1-errata84.html Could you check if it still occurs after installing the update?
Yeah is fixed. And everything's working fine.
*** This bug has been marked as a duplicate of bug 30969 ***