On Mon, 19 Jan 2004, JJ wrote: > I am extending an ldap (e-directory) authenticator to give specific > error codes related to the directory, ie (grace logins, unknown user, > wrong password, in a denied group, multiple uid's, login hours.....) to > help our users and help desk understand the exact problem with the auth > failure. > > But, it seems that I can only have one deny_info per acl or > external_acl.
Correct. > I was attempting the following (also have tried with an external_acl): > > auth_param basic program /etc/squid/dirauth > acl Allowed proxy_auth REQUIRED > > deny_info CUSTOM_ERR_USER_NONEXIST Allowed > deny_info CUSTOM_ERR_USER_DENIED Allowed > deny_info CUSTOM_ERR_MULTIPLE_UIDS Allowed > deny_info CUSTOM_ERR_GRACE_LOGINS Allowed > > I get the custom error page CUSTOM_ERR_USER_NONEXIST, when any ERR > error= is sent. Correct. > Is there any way that I can get multiple error codes out of an acl or > external_acl with a deny_info? Or am I doing something wrong? To give multiple error codes Squid must know how to distinguish the different cases. Note: auth helpers is not the same as external acls. In Squid-3 what you ask for is implemented for external acls but not for authentication. For Squid-2 there is a patch to add this kind of functionality to authentication. <http://devel.squid-cache.org/old_projects.html#authinfo>. I thought this had been merged into Squid-2.5 and later but it seems so is not the case and some small but imporant pieces missing in how the auth helpers is supposed to indicate the reason to Squid. Regards Henrik
