Re: [squid-users] User identification and LDAP check for statistics purposes

Wed, 22 Dec 2004 13:58:39 -0800 

Tim Neto wrote:


Hello Maxime,

The external LDAP helper "squid_ldap_group" only does a group check. You need to also use the external authentication helper "squid_ldap_auth".

Try something like:
------------------------------------------------------------------------------------------------ 

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

auth_param basic program /usr/lib/squid/squid_ldap_auth -h ldapserver -p port# -P -b "ou=****,dc=******" -f "uid=%s"

auth_param basic children 10
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 5 minute

external_acl_type ldap_group %IDENT /usr/lib/squid/squid_ldap_group -b "ou=****,dc=******" -f "uid=%v" -h ldapserver

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320

acl all src 0.0.0.0/0.0.0.0

# acl users ident my_users
acl my_users           external  ldap_group my_users

http_access allow all my_users
http_access deny all

http_reply_access allow all my_users
http_reply_access deny all

icp_access allow all my_users
icp_access deny all

coredump_dir /var/spool/squid
------------------------------------------------------------------------------------------------


Note: the "acl" definitions are logical "or', and the "http_access", "http_reply_access", and "icp_access" definitions are logical "and". Also, you never properly referenced the external LDAP group check properly.

Hope this helps. Please reply to the Squid mailing list, so others may help or improve on my replies. This way all can learn and benefit.

Thanks.

Tim

-----------------------------------------------------------
Timothy E. Neto
Computer Systems Engineer         Komatsu Canada Limited
Ph#: 905-625-6292 x265            1725B Sismet Road
Fax: 905-625-6348                 Mississauga, Canada
E-Mail: [EMAIL PROTECTED]          L4W 1P9
-----------------------------------------------------------


Thank you Tim ! This works perfectly for me !!!

Have a great Christmas time squid-users... :-)

begin:vcard
fn:Maxime Chambreuil
n:Chambreuil;Maxime
org:Savoir Faire Linux Inc
adr;quoted-printable;quoted-printable:;;5505, St Laurent #2027;Montr=C3=A9al;Qu=C3=A9bec;H2T 1S6;CANADA
email;internet:maxime.chambreuil
title;quoted-printable:Administrateur Syst=C3=A8me
tel;work:(514) 276-5468
tel;fax:(514) 994-2207
url:http://www.savoirfairelinux.com
version:2.1
end:vcard

Reply via email to