Re: [squid-users] squid_ldap_group: problem changing group in LDAP

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 01 Dec 2009 00:57:16 +1300

davefu wrote:
> Hi! squid_ldap_group authentication is working fine. The problem comes when I
> change the group that allows the users to surf the net. That change in LDAP
> is not reflected in Squid immediately, forcing me to restart Squid. I've
> tried different parameters, but no luck so far.
>
> Here is my squid.conf:
>
> http_port 8080
> cache_dir ufs /var/spool/squid3 100 16 256
>
> cache_access_log /var/log/squid3/access.log
> cache_log /var/log/squid3/cache.log
> cache_store_log none
> emulate_httpd_log on
>
> #Auth
> authenticate_ttl 2 minutes
>
> auth_param basic children 15
> auth_param basic realm myrealm
> auth_param basic credentialsttl 2 minutes
> auth_param basic casesensitive on
> auth_param basic program /usr/lib/squid3/squid_ldap_auth -b "dc=xxxx,dc=xxxx" -f "uid=%s" -H ldap://ldapserver.myrealm
>
>
> external_acl_type internet_access concurrency=10 %LOGIN /usr/lib/squid3/squid_ldap_group -b "ou=People,dc=xxxx,dc=xxxx" -s sub -f "(&(uid=%u)(Internet=%g))" -H ldap://ldapserver.myrealm/
>
> #Acls
> ...
>
> Any ideas?
> Thanks in advance
>

There are ttl=N and negative_ttl=N parameters to external_acl_type which
determine how often the helper is queried vs cached results used.

Default is ttl=3600. I think you will be wanting to set it to ttl=120 to
match your auth credentials TTL.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
   Current Beta Squid 3.1.0.15
Received on Mon Nov 30 2009 - 11:57:25 MST
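
The change described in the reply, written out against the posted configuration. This is an added example, not part of the original message. The ACL name internet_users and the group value "yes" are assumptions, because the ACL section of the posted file is elided.

```conf
# Before (as posted): no ttl= option, so each cached user/group answer
# from the helper is reused for the default period before the helper
# is asked again.
#external_acl_type internet_access concurrency=10 %LOGIN /usr/lib/squid3/squid_ldap_group -b "ou=People,dc=xxxx,dc=xxxx" -s sub -f "(&(uid=%u)(Internet=%g))" -H ldap://ldapserver.myrealm/

# After: cache both positive and negative group answers for 120 seconds,
# matching "auth_param basic credentialsttl 2 minutes" above.
#   ttl=120           a user removed from the group loses access within 2 minutes
#   negative_ttl=120  a user newly added to the group gains access within 2 minutes
external_acl_type internet_access ttl=120 negative_ttl=120 concurrency=10 %LOGIN /usr/lib/squid3/squid_ldap_group -b "ou=People,dc=xxxx,dc=xxxx" -s sub -f "(&(uid=%u)(Internet=%g))" -H ldap://ldapserver.myrealm/

# Assumed ACL wiring (hypothetical names): "yes" is substituted for %g
# in the LDAP filter, giving (&(uid=<login>)(Internet=yes)).
acl internet_users external internet_access yes
http_access allow internet_users
http_access deny all
```

Until a cached entry expires, Squid keeps applying the old group decision without querying LDAP, so these two values bound how long a revocation or a new grant takes to apply. Shorter values narrow that window at the cost of more helper lookups against the LDAP server.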
