Re: [squid-users] icap_access and external_acl does not work

From: Christoph Haas <[email protected]>
Date: Thu, 14 Oct 2004 14:13:00 +0200

On Wed, Oct 13, 2004 at 04:38:46PM +0200, Stephane DAVY wrote:
> Well, it works for me.
> I have something like that:
>
> external_acl_type ldap_group %LOGIN bla-bla ldap bla
>
> acl one_group external ldap_group group_in_ldap
> http_access allow one_group
>
> ....
> icap_class one_class bla-bla
> icap_access one_class allow one_group
>
> The trick is that you really need "http_access allow one_group", it is
> not enough to put http_access allow all

Yay, godlike! I never would have thought there would be a workaround for
this one. But in fact it works like a charm. This should perhaps become
an FAQ item (if the FAQ is still maintained). I found it very confusing
that the ACL was just plainly ignored even without any warning in the
cache.log.

Am I right that your solution makes Squid do the external_acl lookup and
store that information in the cache where other ACLs can read from? It
sounds like icap_access can handle both the mysterious "fast ACLs" and
the internal external_acl cache - but not the "slow external ACLs". Right?

Thanks a lot. This is the solution I've been searching for.

 Christoph

-- 
~
~
".signature" [Modified] 3 lines --100%--                3,41         All
Received on Thu Oct 14 2004 - 06:13:06 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Nov 01 2004 - 12:00:02 MST