Hello,
In the squid-2.6 patch for icap, one can provide the following:
icap_send_server_ip
icap_check_interval
icap_auth_scheme
The most interesting for auth here is icap_auth_scheme, which has a
variety of options. What I would like is:
if user was authenticated with ntlm_auth, I'd like to use %d to use the
domain and %u to use the user, so that I might use something like tihs:
icap_auth_scheme
ldap://rootserver.company.com/cn=%u,dc=%d,dc=company,dc=com
This causes the user to be looked up properly by the icap parent. We
might even want to support multiple domains, but for now if we query the
root of the active directory tree, as long as we send the correct query,
I THINK we should get the right answers.
Consider squid is authenticating several users in a forest from
different child domains. The icap server needs to know how to find
their accounts, to find their group membership and other interesting
details about them and it needs to know who to send the query to.
_J
Received on Wed Nov 15 2006 - 09:57:00 MST
This archive was generated by hypermail pre-2.1.9 : Wed Nov 29 2006 - 12:00:05 MST