Re: [squid-users] User identification and LDAP check for statistics purposes

From: Maxime Chambreuil <[email protected]>
Date: Wed, 22 Dec 2004 16:38:42 -0500

Tim Neto wrote:

>
> Hello Maxime,
>
> The external LDAP helper "squid_ldap_group" only does a group check.
> You need to also use the external authentication helper
> "squid_ldap_auth".
>
> Try something like:
>
> ------------------------------------------------------------------------------------------------
>
> hierarchy_stoplist cgi-bin ?
>
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
>
> auth_param basic program /usr/lib/squid/squid_ldap_auth -h ldapserver -p port# -P -b "ou=****,dc=******" -f "uid=%s"
>
> auth_param basic children 10
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 5 minute
>
> external_acl_type ldap_group %IDENT /usr/lib/squid/squid_ldap_group -b "ou=****,dc=******" -f "uid=%v" -h ldapserver
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
>
> acl all src 0.0.0.0/0.0.0.0
>
> # acl users ident my_users
> acl my_users external ldap_group my_users
>
> http_access allow all my_users
> http_access deny all
>
> http_reply_access allow all my_users
> http_reply_access deny all
>
> icp_access allow all my_users
> icp_access deny all
>
> coredump_dir /var/spool/squid
>
> ------------------------------------------------------------------------------------------------
>
>
> Note: the "acl" definitions are logical "or", and the "http_access",
> "http_reply_access", and "icp_access" definitions are logical "and".
> Also, you never properly referenced the external LDAP group check.
>
> Hope this helps. Please reply to the Squid mailing list, so others
> may help or improve on my replies. This way all can learn and benefit.
>
> Thanks.
>
> Tim
>
> -----------------------------------------------------------
> Timothy E. Neto
> Computer Systems Engineer Komatsu Canada Limited
> Ph#: 905-625-6292 x265 1725B Sismet Road
> Fax: 905-625-6348 Mississauga, Canada
> E-Mail: tneto@komatsu.ca L4W 1P9
> -----------------------------------------------------------

Thank you Tim ! This works perfectly for me !!!

Have a great Christmas time squid-users... :-)

Received on Wed Dec 22 2004 - 14:39:28 MST
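
The matching rules from Tim's note (values inside one acl are OR-ed, acls on one http_access line are AND-ed, first matching line wins), modelled as an added example that is not part of the original messages and not Squid's own code. The `office` acl and the sample requests are constructed, and the squid_ldap_group lookup is replaced by a set of groups carried in the request.

```python
import ipaddress

# ACLs from the quoted config. "office" is a hypothetical extra acl with two
# values, added only to show that values inside one acl are OR-ed.
ACLS = {
    "all": ("src", ["0.0.0.0/0"]),
    "my_users": ("external", ["my_users"]),
    "office": ("src", ["10.0.0.0/8", "192.168.0.0/16"]),  # hypothetical
}
# The two http_access lines from the quoted config, in order.
RULES = [("allow", ["all", "my_users"]), ("deny", ["all"])]


def acl_matches(name, request):
    """An acl matches when ANY one of its values matches (logical OR)."""
    kind, values = ACLS[name]
    if kind == "src":
        ip = ipaddress.ip_address(request["client_ip"])
        return any(ip in ipaddress.ip_network(v) for v in values)
    if kind == "external":
        # Stand-in for the helper's OK/ERR answer: group membership comes
        # from the constructed request instead of an LDAP lookup.
        return any(g in request["groups"] for g in values)
    raise ValueError(f"unsupported acl type: {kind}")


def http_access(rules, request):
    """The first line whose acls ALL match (logical AND) decides."""
    last = None
    for action, names in rules:
        if all(acl_matches(n, request) for n in names):
            return action
        last = action
    # Nothing matched: an empty list denies, otherwise the result is the
    # opposite of the last line, which is why an explicit "deny all" matters.
    if last is None:
        return "deny"
    return "deny" if last == "allow" else "allow"


# Constructed sample requests.
member = {"client_ip": "10.1.2.3", "groups": {"my_users"}}
outsider = {"client_ip": "10.1.2.3", "groups": set()}

if __name__ == "__main__":
    for req in (member, outsider):
        print(req, "->", http_access(RULES, req))
```
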
