On Wed, Oct 13, 2004 at 04:38:46PM +0200, Stephane DAVY wrote: > Well, it works for me. > I have something like that: > > external_acl_type ldap_group %LOGIN bla-bla ldap bla > > acl one_group external ldap_group group_in_ldap > http_access allow one_group > > .... > icap_class one_class bla-bla > icap_access one_class allow one_group > > The trick is that you really need "http_access allow one_group", it is > not enough to put http_access allow all
Yay, godlike! I never would have thought there would be a workaround for this one. But in fact it works like a charm. This should perhaps become an FAQ item (if the FAQ is still maintained). I found it very confusing that the ACL was just plainly ignored even without any warning in the cache.log. Am I right that your solution makes Squid do the external_acl lookup and store that information in the cache where other ACLs can read from? It sounds like icap_access can handle both the mysterious "fast ACLs" and the internal external_acl cache - but not the "slow external ACLs". Right? Thanks a lot. This is the solution I've been searching for. Christoph -- ~ ~ ".signature" [Modified] 3 lines --100%-- 3,41 All
