Re: [squid-users] LDAP in access.log

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Mon, 23 Nov 2009 10:36:39 +0100

sön 2009-11-22 klockan 21:32 -0500 skrev Riley E. Chandler:
> I need to do a LDAP search for username based on source IP, I would
> prefer to have Squid put it in the access.log. My other option is to
> generate my own log file based off the access.log and to include the
> LDAP info separately. My users are only online for minutes or seconds
> at a time, so it's hard to correlate IP to username from the two
> different logs.

You will need to write a small script performing the lookup, and then
integrate this into Squid via external_acl_type.

external_acl_type ldap_ip_user_lookup %SRC /path/to/your/script
acl lookup_ip_user external ldap_ip_user_lookup
http_access deny lookup_ip_user !all

The strange http_access rule is just to trigger the acl. It does not in
itself have any outcome on the request and only used for the siteeffect
of setting the username.

Regards
Henrik
Received on Mon Nov 23 2009 - 09:36:43 MST

This archive was generated by hypermail 2.2.0 : Tue Nov 24 2009 - 12:00:04 MST