[squid-users] Re: Urgent - squid_ldap_auth

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 31 Oct 2002 20:23:10 +0100

I would recommend you to as first stem create a index of the user
attribute on your LDAP server to speed up searches.

Squid does not tell the IP address to authentication helpers so doing
such split based on the IP address is not easy.

Regards
Henrik

tor 2002-10-31 klockan 18.09 skrev Osmar Klock:
> Henrik,
>
> I'm using squid_ldap_auth. Our situation is the following:
>
> LAN 1 (City 1): Network 10.7 BASEDN=USER.FBEL.JFPR
> LAN 2 (City 2): Network 10.70 BASEDN=USER.CWB.JFPR
> LAN 3 (City 3): Network 10.71 BASEDN=USER.LON.JFPR
> LAN 4 (City 4): Network 10.72 BASEDN=USER.FOZ.JFPR
> LAN 5 (City 5): Network 10.73 BASEDN=USER.MGA.JFPR
>
>
> All LANs access our single proxy that is situated in City 1. This proxy authenticates everybody (LAN 1, LAN 2, LAN 3, ...). I changed the searchscope but the ldap_search_s process is slowly (20s) for users. My problem is: i have multiples basedn for one auth method in our proxy. I'm thinking in add a switch command in squid_ldap_auth.c like this:
> switch (ip_client)
> case (network is 10.7)
> basedn = USER.FBEL.JFPR
> case (network is 10.70)
> basedn = USER.CWB.JFPR
>
> What do you think about this solution? Can you help me with this switch, especially in how get the ip_client.
>
>
>
> Best regards,
>
>
>
> ____________________________
>
> Osmar Junior Klock
> Administrador do Sistema Internet
> NINF - Justiça Federal do Paraná
> http://www.jfpr.gov.br
> Tel: +55 41 219-7479
> Curitiba (GMT-3) - Brasil
> _____________________________
Received on Thu Oct 31 2002 - 12:23:35 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:57 MST