[squid-users] User identification and LDAP check for statistics purposes

From: Maxime Chambreuil <[email protected]>
Date: Tue, 21 Dec 2004 19:03:31 -0500

Hi squid-users,

I want to setup a proxy server for statistics purposes. So all the
browsers on the network will be configured to reach the internet through
Squid.

I want statistics per user, so I am getting the login with identd
installed on each computers on the network. Security issue about ident
is not my problem here.

Then I want to check that the username returned by ident is present in
the LDAP authentication server and allow/deny the internet access
depending on the users privileges.

After reading the mailing-list and FAQ, I came up with the idea that it
was possible and with the following configuration:

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

external_acl_type my_users %IDENT /usr/lib/squid/squid_ldap_group -b "ou=****,dc=******" -f "uid=%v" -h ldapserver

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

acl all src 0.0.0.0/0.0.0.0

acl users ident my_users

http_access allow users
http_access deny all

http_reply_access allow users
http_reply_access deny all
  

icp_access allow users
icp_access deny all

coredump_dir /var/spool/squid

Unfortunately this is not working : It doesn't matter if the user is in
LDAP or not, I was always refused...

I tried to use squid_ldap_group on the command line. It's working if I
give the username and password, so I wonder how I can get a "OK" just if
the user is present.

Any help or ideas would be greatly appreciated.

Thanks

Received on Tue Dec 21 2004 - 17:04:19 MST

This archive was generated by hypermail pre-2.1.9 : Sat Jan 01 2005 - 12:00:02 MST