Re: [squid-users] Interfacing to an external acl helper

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Fri, 20 Oct 2006 22:56:32 +0200

On Fri 2006-10-20 at 22:03 +1300, Richard Greaney wrote:
> I have written an LDAP group module which, unlike the widely-known
> squid_ldap_group, looks for nested groups as well as direct groups that
> a particular user is a member of. The module works by taking two
> arguments from stdin (username, group) and gives the standard 'OK'/'ERR'
> response as is required by any squid authenticator. It is to be used in
> conjunction with other modules that perform the basic username/password
> authentication.
>
> Can somebody tell me how to interface to it from squid? I know that
> squid_ldap_group uses %u and %g to reference the username and the group
> as referred to from the acl definition 'acl external ldap_group
> GroupName', but are these variables only used by squid_ldap_group, or
> will they work for any external acl helper?

The %u and %g are in the filter specifications to squid_ldap_group, not
relevant to the communication.

The communication is defined by the external_acl_type directive, i.e.
%LOGIN to send the login name. And by the ACL which can add additional
data.

>
> So far, the external acl line I'm using in my squid.conf file is
> something like this:
> external_acl_type ldap_group %LOGIN /path/to/squid_ldap_group.pl
>
> The obvious problem with this is that there is no mention of any group.

It's added by the acl.

> The other problem I'm having is how the authenticator receives the
> FORMAT parameters. If I used '%LOGIN %SRC' (for argument's sake) would
> that supply those two parameters to my authenticator via STDIN?

Yes. See external_acl_type.

> My authenticator works from command-line. I'm now just trying to
> finalise how to interface to and from squid in order for it to work as
> desired.

Note: Don't forget to disable output buffering. If not, your helper
response will never reach Squid.

Regards
Henrik

Received on Fri Oct 20 2006 - 14:56:38 MDT
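
Added example, not part of the original message and not Richard's helper: a sketch of a helper for the exchange described above, reading "login group" lines on stdin (the %LOGIN from external_acl_type, the group name appended by the acl line) and answering OK or ERR with a flush after every reply. Assumptions: the NESTED_GROUPS table is constructed sample data standing in for the LDAP lookup, the function names are hypothetical, and any escaping Squid applies to the fields is not decoded.

```python
#!/usr/bin/env python3
"""Sketch of an external ACL helper for the line protocol discussed above.

Constructed example: NESTED_GROUPS stands in for the LDAP directory.
"""
import sys

# Constructed sample data: group -> direct members (users or other groups).
NESTED_GROUPS = {
    "WebUsers": {"Staff", "carol"},
    "Staff": {"Engineering", "bob"},
    "Engineering": {"alice", "Staff"},   # deliberate cycle back to Staff
    "Contractors": {"dave"},
}

def is_member(user, group, groups=NESTED_GROUPS):
    """True if user is a direct or nested member of group (cycle-safe)."""
    seen, stack = set(), [group]
    while stack:
        current = stack.pop()
        if current in seen:
            continue                      # already expanded: breaks loops
        seen.add(current)
        members = groups.get(current, set())
        if user in members:
            return True
        stack.extend(m for m in members if m in groups)
    return False

def answer(line):
    """Map one request line ('login group') to 'OK' or 'ERR'."""
    fields = line.split()
    if len(fields) != 2:                  # malformed request: fail closed
        return "ERR"
    user, group = fields
    return "OK" if is_member(user, group) else "ERR"

def serve(infile=sys.stdin, outfile=sys.stdout):
    """Answer one line per request until Squid closes stdin."""
    for line in infile:
        outfile.write(answer(line) + "\n")
        outfile.flush()                   # without this the reply sits in the buffer

if __name__ == "__main__":
    serve()
```

Unknown groups and malformed lines both produce ERR, so a lookup problem denies access rather than granting it.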
