squid_ldap_group was not working

I was setting up Squid together with AD. Negotiate authentication came up without problems, and I wanted users to get access according to their groups from LDAP. Following the manuals, I configured an external acl, but it did not take off. On startup, cache.log was flooded with:

2014/11/12 10:04:41| helperOpenServers: Starting 5/5 ‘squid_ldap_group’ processes

2014/11/12 10:04:41| commBind: Cannot bind socket FD 31 to [::1]: (99) Cannot assign requested address

2014/11/12 10:04:41| commBind: Cannot bind socket FD 32 to [::1]: (99) Cannot assign requested address

2014/11/12 10:04:41| ipcCreate: Failed to create child FD.

2014/11/12 10:04:41| WARNING: Cannot run ‘/usr/lib/squid3/squid_ldap_group’ process.

2014/11/12 10:04:41| commBind: Cannot bind socket FD 34 to [::1]: (99) Cannot assign requested address

2014/11/12 10:04:41| commBind: Cannot bind socket FD 35 to [::1]: (99) Cannot assign requested address

2014/11/12 10:04:41| ipcCreate: Failed to create child FD.

2014/11/12 10:04:41| WARNING: Cannot run ‘/usr/lib/squid3/squid_ldap_group’ process.

2014/11/12 10:04:41| commBind: Cannot bind socket FD 37 to [::1]: (99) Cannot assign requested address

2014/11/12 10:04:41| commBind: Cannot bind socket FD 38 to [::1]: (99) Cannot assign requested address

2014/11/12 10:04:41| ipcCreate: Failed to create child FD.

2014/11/12 10:04:41| WARNING: Cannot run ‘/usr/lib/squid3/squid_ldap_group’ process.

2014/11/12 10:04:41| commBind: Cannot bind socket FD 39 to [::1]: (99) Cannot assign requested address

2014/11/12 10:04:41| commBind: Cannot bind socket FD 40 to [::1]: (99) Cannot assign requested address

2014/11/12 10:04:41| ipcCreate: Failed to create child FD.

2014/11/12 10:04:41| WARNING: Cannot run ‘/usr/lib/squid3/squid_ldap_group’ process.

2014/11/12 10:04:41| commBind: Cannot bind socket FD 41 to [::1]: (99) Cannot assign requested address

2014/11/12 10:04:41| commBind: Cannot bind socket FD 42 to [::1]: (99) Cannot assign requested address

2014/11/12 10:04:41| ipcCreate: Failed to create child FD.

2014/11/12 10:04:41| WARNING: Cannot run ‘/usr/lib/squid3/squid_ldap_group’ process.

The catch was that squid had been built with IPv6 support, and it was trying to talk to its plugins over IPv6. To avoid this, you need to state explicitly that IPv4 must be used:

external_acl_type ldap_verify ipv4 %LOGIN /usr/lib/squid3/squid_lda…
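An added example, not part of the original post: a small triage script that correlates the `commBind ... [::1]` errors with the helper start failures that follow them, and probes whether this host can bind the IPv6 loopback at all. The function names are hypothetical, and the sample log is constructed in the format shown above.

```python
import re
import socket
from collections import Counter

# Constructed sample in the cache.log format shown above.
SAMPLE_LOG = """\
2014/11/12 10:04:41| helperOpenServers: Starting 5/5 'squid_ldap_group' processes
2014/11/12 10:04:41| commBind: Cannot bind socket FD 31 to [::1]: (99) Cannot assign requested address
2014/11/12 10:04:41| commBind: Cannot bind socket FD 32 to [::1]: (99) Cannot assign requested address
2014/11/12 10:04:41| ipcCreate: Failed to create child FD.
2014/11/12 10:04:41| WARNING: Cannot run '/usr/lib/squid3/squid_ldap_group' process.
2014/11/12 10:04:41| commBind: Cannot bind socket FD 34 to [::1]: (99) Cannot assign requested address
2014/11/12 10:04:41| ipcCreate: Failed to create child FD.
2014/11/12 10:04:41| WARNING: Cannot run '/usr/lib/squid3/squid_ldap_group' process.
"""

BIND_FAIL = re.compile(r"commBind: Cannot bind socket FD \d+ to \[::1\]: \(\d+\)")
# Accept ASCII or typographic quotes around the helper path.
CANNOT_RUN = re.compile(r"WARNING: Cannot run ['‘’\"]([^'‘’\"]+)['‘’\"] process")

def helpers_blocked_by_ipv6(log_text):
    """Count helper start failures that follow a failed bind to [::1]."""
    failed = Counter()
    pending_bind_failure = False
    for line in log_text.splitlines():
        if BIND_FAIL.search(line):
            pending_bind_failure = True
            continue
        m = CANNOT_RUN.search(line)
        if m:
            # Only blame IPv6 when a [::1] bind error preceded this warning.
            if pending_bind_failure:
                failed[m.group(1)] += 1
            pending_bind_failure = False
    return dict(failed)

def ipv6_loopback_bindable():
    """Attempt a bind to ::1 on an ephemeral port; False matches the failure above."""
    try:
        with socket.socket(socket.AF_INET6, socket.SOCK_STREAM) as s:
            s.bind(("::1", 0))
        return True
    except OSError:
        return False

if __name__ == "__main__":
    for helper, count in helpers_blocked_by_ipv6(SAMPLE_LOG).items():
        print(f"{helper}: {count} failed starts after [::1] bind errors")
    print("::1 bindable on this host:", ipv6_loopback_bindable())
```

A helper that appears in the result while `ipv6_loopback_bindable()` returns False is a candidate for the `ipv4` option shown above. Until the helper starts, the group-based ACL has nothing to evaluate group membership with.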

Author: Василий Иванов
Publication date: 2014-11-11T18:41:00.000-08:00