I have written an LDAP group module which, unlike the widely-known
squid_ldap_group, looks for nested groups as well as direct groups that
a particular user is a member of. The module works by taking two
arguments from stdin (username, group) and gives the standard 'OK'/'ERR'
response as is required by any squid authenticator. It is to be used in
conjunction with other modules that perform the basic username/password
authentication.
Can somebody tell me how to interface to it from squid? I know that
squid_ldap_group uses %u and %g to reference the username and the group
as referred to from the acl definition 'acl external ldap_group
GroupName', but are these variables only used by squid_ldap_group, or
will they work for any external acl helper?
So far, the external acl line I'm using in my squid.conf file is
something like this:
external_acl_type ldap_group %LOGIN /path/to/squid_ldap_group.pl
The obvious problem with this is that there is no mention of any group.
The other problem I'm having is how the authenticator receives the
FORMAT parameters. If I used '%LOGIN %SRC' (for argument's sake) would
that supply those two parameters to my authenticator via STDIN?
My authenticator works from command-line. I'm now just trying to
finalise how to interface to and from squid in order for it to work as
desired.
Hoping someone can help.
Regards
Richard
