[squid-users] Re: Urgent - squid_ldap_auth

To reconfigure your LDAP server to have a search index for the
attribute(s) you tell squid_ldap_auth to search for to locate the
user in your LDAP tree.

If no such index exists your LDAP server will search thru each and every
record in your LDAP structure, which takes a lot of time for large trees.

If such index exists, searches for a exact attribute like the login name
is more or less instantaneous, irregardless of how many entries you have
in the LDAP tree.

See your LDAP server manual for instructions on how to create such
indexes.

Regards
Henrik

On Thu, 31 Oct 2002, Osmar Klock wrote:

> What means create a index of the user attribute on my LDAP server?
>
> Regards,
>
>
> ____________________________
>
> Osmar Junior Klock
> Administrador do Sistema Internet
> NINF - Justiça Federal do Paraná
> http://www.jfpr.gov.br
> Tel: +55 41 219-7479
> Curitiba (GMT-3) - Brasil
> _____________________________
>
> ----- Original Message -----
> From: "Henrik Nordstrom" <hno@marasystems.com>
> To: "Osmar Klock" <sysop@jfpr.gov.br>
> Cc: "Squid Users" <squid-users@squid-cache.org>
> Sent: Thursday, October 31, 2002 5:23 PM
> Subject: Re: Urgent - squid_ldap_auth
>
>
> I would recommend you to as first stem create a index of the user
> attribute on your LDAP server to speed up searches.
>
> Squid does not tell the IP address to authentication helpers so doing
> such split based on the IP address is not easy.
>
> Regards
> Henrik
>
>
> tor 2002-10-31 klockan 18.09 skrev Osmar Klock:
> > Henrik,
> >
> > I'm using squid_ldap_auth. Our situation is the following:
> >
> > LAN 1 (City 1): Network 10.7 BASEDN=USER.FBEL.JFPR
> > LAN 2 (City 2): Network 10.70 BASEDN=USER.CWB.JFPR
> > LAN 3 (City 3): Network 10.71 BASEDN=USER.LON.JFPR
> > LAN 4 (City 4): Network 10.72 BASEDN=USER.FOZ.JFPR
> > LAN 5 (City 5): Network 10.73 BASEDN=USER.MGA.JFPR
> >
> >
> > All LANs access our single proxy that is situated in City 1. This
> proxy authenticates everybody (LAN 1, LAN 2, LAN 3, ...). I changed the
> searchscope but the ldap_search_s process is slowly (20s) for users. My
> problem is: i have multiples basedn for one auth method in our proxy. I'm
> thinking in add a switch command in squid_ldap_auth.c like this:
> > switch (ip_client)
> > case (network is 10.7)
> > basedn = USER.FBEL.JFPR
> > case (network is 10.70)
> > basedn = USER.CWB.JFPR
> >
> > What do you think about this solution? Can you help me with this switch,
> especially in how get the ip_client.
> >
> >
> >
> > Best regards,
> >
> >
> >
> > ____________________________
> >
> > Osmar Junior Klock
> > Administrador do Sistema Internet
> > NINF - Justiça Federal do Paraná
> > http://www.jfpr.gov.br
> > Tel: +55 41 219-7479
> > Curitiba (GMT-3) - Brasil
> > _____________________________
>
>
>
>
>
Received on Thu Oct 31 2002 - 23:29:07 MST