Hi squid-users,
I want to set up a proxy server for statistics purposes. So all the browsers on the network will be configured to reach the internet through Squid.
I want statistics per user, so I am getting the login with identd installed on each computer on the network. The security issue with ident is not my problem here.
Then I want to check that the username returned by ident is present in the LDAP authentication server and allow/deny the internet access depending on the user's privileges.
After reading the mailing list and FAQ, I came up with the idea that it was possible, with the following configuration:
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
external_acl_type my_users %IDENT /usr/lib/squid/squid_ldap_group -b "ou=****,dc=******" -f "uid=%v" -h ldapserver
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl users ident my_users
http_access allow users
http_access deny all
http_reply_access allow users
http_reply_access deny all
icp_access allow users
icp_access deny all
coredump_dir /var/spool/squid
Unfortunately this is not working: it doesn't matter whether the user is in LDAP or not, I was always refused...
I tried to use squid_ldap_group on the command line. It works if I give the username and password, so I wonder how I can get an "OK" just if the user is present.
Any help or ideas would be greatly appreciated.
Thanks
Maxime Chambreuil
System Administrator, Savoir Faire Linux Inc
http://www.savoirfairelinux.com
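
An added example, not part of the original post and not Squid's own code: a minimal external ACL helper in Python that answers OK when the %IDENT username has a directory entry and ERR otherwise, escaping the client-supplied name before it is placed in the uid filter. The directory is a constructed in-memory set and `sample_lookup` is a hypothetical stand-in for a real LDAP search; the one-token-per-line input assumes an `external_acl_type` format of `%IDENT` only.

```python
import sys
from urllib.parse import unquote

# Constructed stand-in for the directory: uids that exist under the search base.
SAMPLE_DIRECTORY = {"alice", "bob", "j(doe)"}

# Characters that must be escaped inside an LDAP search filter (RFC 4515).
LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def ldap_escape(value):
    """Escape a value so it cannot alter the structure of a search filter."""
    return "".join(LDAP_ESCAPES.get(ch, ch) for ch in value)

def build_filter(username):
    """Build the presence filter for one user from untrusted ident data."""
    return "(uid=%s)" % ldap_escape(username)

def sample_lookup(search_filter):
    """Hypothetical lookup: True if exactly one constructed entry matches."""
    hits = [uid for uid in SAMPLE_DIRECTORY if build_filter(uid) == search_filter]
    return len(hits) == 1

def answer(line, lookup=sample_lookup):
    """Return the helper reply (OK or ERR) for one request line from Squid."""
    fields = line.split()
    if len(fields) != 1:          # this helper expects the ident name only
        return "ERR"
    username = unquote(fields[0])  # Squid URL-escapes the fields it sends
    if username in ("", "-"):      # treated here as "no ident reply"
        return "ERR"
    return "OK" if lookup(build_filter(username)) else "ERR"

def main():
    # One request per line on stdin, one reply per line on stdout, unbuffered.
    for line in sys.stdin:
        sys.stdout.write(answer(line) + "\n")
        sys.stdout.flush()

if __name__ == "__main__":
    main()
```

Because ident replies come from the client machine, a name such as `*` is escaped to a literal and gets ERR instead of matching every entry.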
