  1. #1
    Just Joined! darqtanian's Avatar
    Join Date
    Apr 2013
    Location
    Manila, Philippines
    Posts
    11

    SquidGuard with LDAP syntax error


    Hello All,
    I am using CentOS 5.6 with squid 2.6 and squidGuard 1.4
    Everything is working perfectly; however, I wanted squidGuard to block by usernames in AD. So I chose to use the LDAP function. However, I am getting a syntax error with my ldapusersearch command.

    Can somebody help me to correct it? It will be much appreciated. Thank you.

    Here's my config file.
    Code:
    dbhome /usr/local/squidGuard/db
    logdir /usr/local/squidGuard/log
    
    
    ldapbinddn CN=Proxy,OU=Users,OU=Application Objects,DC=abd,DC=multi,DC=com,DC=ph
    ldapbindpass password
    ldapcachetime 300
    
    #Sources
    src netldap {
           ldapusersearch ldap://ngs.nowcom.com.ph:3268/dc=ngs,dc=nowcom,dc=com,dc=ph?sAMAccountName?sub?(&(sAMAccountName=%s)(memberof=CN=InternetAccess%2COU=Groups%2COU=Nowcom%20Global%20Services%2COU=Company%20Objects%2CDC=ngs%2c,DC=nowcom%2cDC=com%2cDC=ph))
    }
    .....

    I am not sure what went wrong.
    The structure of my AD is:

    Domain :
    ABD.multi.com.ph
    ->Company Objects
    ->ABD
    ->Groups
    ->Internet Users


    please help.
    Last edited by atreyu; 04-17-2013 at 03:15 AM. Reason: added CODE tags to aid in readability

  2. #2
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,307
    Hello and welcome!

    As CentOS is a binary clone of Red Hat Enterprise Linux, I have moved your thread to that forum, where hopefully you will get more eyes on it.

  3. #3
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,307
    Quote Originally Posted by darqtanian View Post
    however I am getting a syntax error with my ldapusersearch command.
    Can you please include:

    1. the exact command you ran which exhibited the error

    2. the text of the error itself

  4. #4
    Just Joined! darqtanian's Avatar
    Join Date
    Apr 2013
    Location
    Manila, Philippines
    Posts
    11
    Quote Originally Posted by atreyu View Post
    Can you please include:

    1. the exact command you ran which exhibited the error

    2. the text of the error itself
    Thank you for moving this..

    The command that I've run is
    Code:
    #squidGuard -C squidGuard.conf
    the error was:
    Code:
    2013-04-17 11:36:31 [14323] New setting: dbhome: /usr/local/squidGuard/db
    2013-04-17 11:36:31 [14323] New setting: logdir: /usr/local/squidGuard/log
    2013-04-17 11:36:31 [14323] New setting: ldapbinddn: CN=Proxy,OU=Users,OU=Application Objects,DC=ngs,DC=nowcom,DC=com,DC=ph
    2013-04-17 11:36:31 [14323] New setting: ldapbindpass: password
    2013-04-17 11:36:31 [14323] New setting: ldapcachetime: 300
    2013-04-17 11:36:31 [14323] syntax error in configfile /usr/local/squidGuard/squidGuard.conf line 14
    2013-04-17 11:36:31 [14323] Going into emergency mode
    thank you
    Last edited by atreyu; 04-17-2013 at 03:34 AM. Reason: added CODE tags

  5. #5
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,307
    okay, one more:
    Code:
    cat -n squidGuard.conf
    so that we know exactly what evilness is on line 14...

  6. #6
    Just Joined! darqtanian's Avatar
    Join Date
    Apr 2013
    Location
    Manila, Philippines
    Posts
    11
    Quote Originally Posted by atreyu View Post
    okay, one more:
    Code:
    cat -n squidGuard.conf
    so that we know exactly what evilness is on line 14...
    Code:
         1	#
         2	# CONFIG FILE FOR SQUIDGUARD
         3	#
         4	dbhome /usr/local/squidGuard/db
         5	logdir /usr/local/squidGuard/log
         6	
         7	
         8	ldapbinddn CN=proxy,OU=Users,OU=Application Objects,DC=abd,DC=multi,DC=com,DC=ph
         9	ldapbindpass password
        10	ldapcachetime 300
        11	
        12	#Sources
        13	src netldap {
        14		ldapusersearch ldap://abd-ph-dc01.abd.multi.com.ph:389/DC=abd,DC=multi,DC=com,DC=phsAMAccountName?sub?(&(sAMAccountName=%s)(memberof=CN=InternetAccess%2COU=Groups%2COU=ABD%20Global%20Services%2COU=Company%20Objects%2CDC=abd%2c,DC=multi%2cDC=com%2cDC=ph))
        15	}
        16	
        17	
        18	src allowed {
        19	        iplist src/allowed
        20	}
        21	
        23	src tempaccess {
        24		iplist src/tempaccess
        25	}
        26	
        27	src NGS {
        28	        ip      172.26.41.0-172.26.41.255
        29	        ip      172.26.42.0/255.255.255.0
        30	        ip      172.26.44.0/255.255.255.0
        31	}
        32	
        33	dest porn {
        34	        urllist         blacklists/porn/urls
        35	        domainlist      blacklists/porn/domains
        36	        log             porn.log
        37	}
        38	
        39	dest warez {
        40	    	domainlist 	blacklists/warez/domains
        41	    	urllist    	blacklists/warez/urls
        42		log		warez.log
        43	}
        44	
        45	dest sports {
        46	        domainlist      blacklists/sports/domains
        47	}
        48	
        49	dest social_networks {
        50	        domainlist      blacklists/social_networks/domains
        51	        urllist         blacklists/social_networks/urls
        52	        log             social.log
        53	}
        54	
        55	dest audio-video {
        56		domainlist	blacklists/audio-video/domains
        57		urllist		blacklists/audio-video/urls
        58		log		audiovideo.log
        59	}
        60	
        61	dest jobsearch {
        62		domainlist	blacklists/jobsearch/domains
        63		log		job.log
        64	}
        65	
        66	dest proxy {
        67		domainlist	blacklists/proxy/domains
        68	}
        69	
        70	dest shopping {
        71		domainlist	blacklists/shopping/domains
        72		urllist		blacklists/shopping/urls
        73	}
        74	
        75	#dest custom {
        76	#	domainlist	blacklists/custom/domains
        77	#	urllist		blacklists/custom/urls
        78	#}
        79	
        80	dest blog {
        81		domainlist	blacklists/blog/domains
        82		urllist		blacklists/blog/urls
        83	}
        84	
        85	dest radio {
        86		domainlist	blacklists/radio/domains
        87		urllist		blacklists/radio/urls
        88	}
        89	
        90	dest filehosting {
        91		domainlist	blacklists/filehosting/domains
        92		urllist		blacklists/filehosting/urls
        93	}
        94	
        95	#dest white {
        96	#	domainlist	blacklists/whitelist/domains
        97	#}
        98	
        99	
       100	acl {
       101		allowed {
       102			pass all
       103		}
       104	
       105	#	netldap {
       106	#		pass sports !all
       107	#	}
       108	
       109		tempaccess {
       110			pass social_networks audio-video !porn !warez !sports !shopping !radio !filehosting !proxy all
       111			redirect 
       112		}
       113	
       114	        NGS {
       115	               pass !porn !warez !sports !social_networks !jobsearch !audio-video !blog !shopping !radio !filehosting !proxy all
       116	#               pass !porn !warez !sports !social !audiovideo !job !shopping !blog !manga !radio !redirector !mail !filehosting !celebrity all
       117		       redirect 
       118	        }
       119	        default {
       120	                pass !porn !warez !sports !social_networks !jobsearch !audio-video !shopping !blog !radio !filehosting !proxy all
       121	#                pass !porn !warez !sports !social !audiovideo !job !shopping !blog !manga !radio !redirector !mail !filehosting !celebrity all
       122			redirect
       123	        }
       124	}
    Last edited by atreyu; 04-17-2013 at 07:54 PM. Reason: added CODE tags

  7. #7
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,307
    Quote Originally Posted by darqtanian
    Code:
        12	#Sources
        13	src netldap {
        14		ldapusersearch ldap://abd-ph-dc01.abd.multi.com.ph:389/DC=abd,DC=multi,DC=com,DC=phsAMAccountName?sub?(&(sAMAccountName=%s)(memberof=CN=InternetAccess%2COU=Groups%2COU=ABD%20Global%20Services%2COU=Company%20Objects%2CDC=abd%2c,DC=multi%2cDC=com%2cDC=ph))
        15	}
    In the ldapusersearch line, you've got some URL encoded characters. Replace each instance of %2C with a comma and each instance of %20 with a space.

    See here for a handy list of URL escape codes.

  8. #8
    Just Joined! darqtanian's Avatar
    Join Date
    Apr 2013
    Location
    Manila, Philippines
    Posts
    11
    Quote Originally Posted by atreyu View Post
    In the ldapusersearch line, you've got some URL encoded characters. Replace each instance of %2C with a comma and each instance of %20 with a space.
    After replacing what you've said, I still get the same error.

    src netldap {
    ldapusersearch ldap://abd-ph-dc01.abd.multi.com.ph:389/DC=abd,DC=multi,DC=com,DC=ph?sAMAccountName?sub?(& (sAMAccountName=%s)(memberof=CN=InternetAccess,OU= Groups,OU=ABD Global Services,OU=Company Objects,DC=abd,DC=multi,DC=com,DC=ph))
    }

  9. #9
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,307
    Quote Originally Posted by darqtanian View Post
    after replacing what you've said, I still get the same error..

    src netldap {
    ldapusersearch ldap://abd-ph-dc01.abd.multi.com.ph:389/DC=abd,DC=multi,DC=com,DC=ph?sAMAccountName?sub?(& (sAMAccountName=%s)(memberof=CN=InternetAccess,OU= Groups,OU=ABD Global Services,OU=Company Objects,DC=abd,DC=multi,DC=com,DC=ph))
    }
    Okay, yeah the URL escapes are not an issue. The config file can handle them - that was a guess.

    Are you sure your squidGuard has been compiled with LDAP support? Also, you may need ldap header/libs installed, in order for the command to work.
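
Added example (not part of the thread, and not squidGuard's own parser): the `ldapusersearch` value can be checked against the LDAP URL layout from RFC 4516, `ldap://host:port/dn?attributes?scope?filter`, before squidGuard reads it. `lint_ldap_url` is a hypothetical helper that checks layout only; it does not establish what squidGuard 1.4 itself accepts.

```python
import re
from urllib.parse import unquote

def lint_ldap_url(url):
    """Return structural problems found in an LDAP URL (RFC 4516 layout only)."""
    problems = []
    if re.search(r"\s", url):
        problems.append("unencoded whitespace (a space is written %20)")
    m = re.match(r"ldaps?://[^/?\s]*/(.*)$", url, re.S)
    if not m:
        return problems + ["not of the form ldap://host[:port]/dn?..."]
    # RFC 4516: dn ? attributes ? scope ? filter [? extensions]
    fields = m.group(1).split("?")
    if len(fields) < 4:
        return problems + ["expected dn?attributes?scope?filter, found %d field(s)" % len(fields)]
    dn, _attrs, scope, flt = fields[:4]
    if scope not in ("base", "one", "sub"):
        problems.append("scope %r is not base, one or sub" % scope)
    if flt.count("(") != flt.count(")"):
        problems.append("unbalanced parentheses in filter")
    if "%s" not in flt:
        problems.append("filter has no %s placeholder for the user name")
    for label, value in (("base DN", dn), ("filter", flt)):
        # Decode %2C and friends first; protect the %s user-name placeholder.
        decoded = unquote(value.replace("%s", "USER"))
        if re.search(r",\s*,", decoded):
            problems.append("empty RDN (doubled comma) in " + label)
    return problems

# Values copied from line 14 of the cat -n listing in post #6.
HOST = "ldap://abd-ph-dc01.abd.multi.com.ph:389/"
GROUP = ("CN=InternetAccess%2COU=Groups%2COU=ABD%20Global%20Services"
         "%2COU=Company%20Objects%2CDC=abd%2c,DC=multi%2cDC=com%2cDC=ph")
FILTER = "(&(sAMAccountName=%s)(memberof=" + GROUP + "))"
LINE14 = HOST + "DC=abd,DC=multi,DC=com,DC=phsAMAccountName?sub?" + FILTER

# Constructed variants: '?' restored after the base DN, then '%2c,' reduced to '%2c'.
WITH_SEPARATOR = HOST + "DC=abd,DC=multi,DC=com,DC=ph?sAMAccountName?sub?" + FILTER
CLEAN = WITH_SEPARATOR.replace("%2c,", "%2c")

if __name__ == "__main__":
    for name in ("LINE14", "WITH_SEPARATOR", "CLEAN"):
        print(name, lint_ldap_url(globals()[name]) or "no structural problems")
```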

  10. #10
    Just Joined! darqtanian's Avatar
    Join Date
    Apr 2013
    Location
    Manila, Philippines
    Posts
    11
    Quote Originally Posted by atreyu View Post
    Okay, yeah the URL escapes are not an issue. The config file can handle them - that was a guess.

    Are you sure your squidGuard has been compiled with LDAP support? Also, you may need ldap header/libs installed, in order for the command to work.
    I've re-run the ./configure and added the ldap function. Will that be okay? Do I need to configure something else with my squid.conf?
    Can you elaborate on the steps that I need to do? Thank you.
