I've been trying to configure a squid with squidguard and MS AD. I've successfuly linked my squid with my AD so far, but now, I want to link my squidguard with the active directory.
I've followed multiple tutorial, but i'm stuck with the same problem : when I launch squid, I have
2013-09-11 16:45:21 [6519] New setting: dbhome: /var/lib/squidguard/db
2013-09-11 16:45:21 [6519] New setting: logdir: /var/log/squid
2013-09-11 16:45:21 [6519] syntax error in configfile /etc/squid3/squidGuard.conf line 4
2013-09-11 16:45:21 [6519] Going into emergency mode
This is the error I get with the squidGuard 1.4 that I compiled with the –with-ldap=yes option.
Here's my squidGuard.conf file :
ldapbinddn CN="Acces AD",OU=Utilisateurs,DC=company,DC=local
ldapbindpass mypassword
ldapcachetime 60
src admin {
ldapusersearch ldap://192.168.20.1:389/dc=company,dc=local?sAMAccountName?sub?(&(memberof=CN=mygroup%2cOU=Users%2cDC=company%2cDC=local)(sAMAccountName=%s))
}
It seems that my squidGuard build is not compiled with LDAP support, but I did specified the option when I ran the compile script.
I searched pretty much everything I could think of in google, but it did not solve my problem, so I was hoping that I may find some enlightenment here.
EDIT :
I installed the debian squidGuard package, and I have some new things in my squidGuard.log :
2013-09-11 17:44:07 [7003] New setting: ldapcachetime: 60
2013-09-11 17:44:07 [7003] syntax error in configfile /etc/squid3/squidGuard.conf line 9
2013-09-11 17:44:07 [7003] Going into emergency mode
2013-09-11 17:44:07 [7004] New setting: dbhome: /var/lib/squidguard/db
2013-09-11 17:44:07 [7004] New setting: logdir: /var/log/squid
2013-09-11 17:44:07 [7004] New setting: ldapbinddn: CN="Acces AD",OU=Utilisateurs,DC=company,DC=local
2013-09-11 17:44:07 [7004] New setting: ldapbindpass: mypassword
2013-09-11 17:44:07 [7004] New setting: ldapcachetime: 60
2013-09-11 17:44:07 [7004] syntax error in configfile /etc/squid3/squidGuard.conf line 9
2013-09-11 17:44:07 [7004] Going into emergency mode
Best Answer
Not sure if this helps, but generally when i'm using squidGuard, I found that having it search LDAP was relatively slow, and it can already use the authenticated user name directly from Squid itself, I basically just have a text file with the list of users that need special privileges.
e.g.