fre 2006-10-20 klockan 22:03 +1300 skrev Richard Greaney: > I have written an LDAP group module which, unlike the widely-known > squid_ldap_group, looks for nested groups as well as direct groups that > a particular user is a member of. The module works by taking two > arguments from stdin (username, group) and gives the standard 'OK'/'ERR' > response as is required by any squid authenticator. It is to be used in > conjunction with other modules that perform the basic username/password > authentication. > > Can somebody tell me how to interface to it from squid? I know that > squid_ldap_group uses %u and %g to reference the username and the group > as referred to from the acl definition 'acl external ldap_group > GroupName', but are these variables only used by squid_ldap_group, or > will they work for any external acl helper? The %u and %g is in the filter specifications to squid_ldap_group, not relevant to the communication. The communication is defined by the external_acl_type directive, i.e. % LOGIN to send the login name. And by the ACL which can add additional data. > > So far, the external acl line I'm using in my squid.conf file is > something like this: > external_acl_type ldap_group %LOGIN /path/to/squid_ldap_group.pl > > The obvious problem with this is that there is no mention of any group. It's added by the acl. > The other problem I'm having is how the authenticator receives the > FORMAT parameters. If I used '%LOGIN %SRC' (for argument's sake) would > that supply those two parameters to my authenticator via STDIN? Yes. See external_acl_type. > My authenticator works from command-line. I'm now just trying to > finalise how to interface to and from squid in order for it to work as > desired. Note: Don't forget to disable output buffering. If not your helper response will never reach Squid.. Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
