Hi squid-users,
I want to setup a proxy server for statistics purposes. So all the
browsers on the network will be configured to reach the internet through
Squid.
I want statistics per user, so I am getting the login with identd
installed on each computers on the network. Security issue about ident
is not my problem here.
Then I want to check that the username returned by ident is present in
the LDAP authentication server and allow/deny the internet access
depending on the users privileges.
After reading the mailing-list and FAQ, I came up with the idea that it
was possible and with the following configuration:
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
external_acl_type my_users %IDENT /usr/lib/squid/squid_ldap_group -b "ou=****,dc=******" -f "uid=%v" -h ldapserver
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl users ident my_users
http_access allow users
http_access deny all
http_reply_access allow users
http_reply_access deny all
icp_access allow users
icp_access deny all
coredump_dir /var/spool/squid
Unfortunately this is not working : It doesn't matter if the user is in
LDAP or not, I was always refused...
I tried to use squid_ldap_group on the command line. It's working if I
give the username and password, so I wonder how I can get a "OK" just if
the user is present.
Any help or ideas would be greatly appreciated.
Thanks
This archive was generated by hypermail pre-2.1.9 : Sat Jan 01 2005 - 12:00:02 MST