The ProxyAccess attribute is something I have home-made and loaded into
my schema. It was left in the sample to provide a way of testing
against some type of attribute to validate this user has authorization
to use the service as well as a valid password for an existing account
(Squid has the AAA framework internally would be a shame to disrupt it
for access rights).
If you find this curious here is a good doc on the subject of
exteninding the LDAP schema
http://www.openldap.org/doc/admin23/schema.html
Pat
On Tue, 2007-05-15 at 11:56 -0300, Felipe Augusto van de Wiel wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Pat, squid-users,
>
> On 05/15/2007 09:55 AM, Pat Riehecky wrote:
> > This section works perfectly at my site
> >
> > auth_param basic program /usr/lib/squid/ldap_auth
> > -bou=People,dc=iwu,dc=edu -f "(&(ProxyAccess=yes)(uid=%s))"
> > ldap.domain.tld:389
>
> Are you using ProxyAccess attribute from RedHat (or
> Fedora) schema? Or did you manage to implement it in another
> way?
>
> I tried to find it but I only got information and
> schemas related to RedHat and Fedora schema (and Fedora Directory
> Server).
>
>
> Kind regards,
>
> - --
> Felipe Augusto van de Wiel <felipe@paranacidade.org.br>
> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
> http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFGScoxCj65ZxU4gPQRAnNPAJ9lsOSajph1z6RcqD14dMsjJoWBqwCgjsVc
> TtfENeC9WzK179dkIjTsxZ4=
> =EEhL
> -----END PGP SIGNATURE-----
Received on Tue May 15 2007 - 10:08:15 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:05 MDT