The ProxyAccess attribute is something I have home-made and loaded into my schema. It was left in the sample to provide a way of testing against some type of attribute to validate this user has authorization to use the service as well as a valid password for an existing account (Squid has the AAA framework internally would be a shame to disrupt it for access rights). If you find this curious here is a good doc on the subject of exteninding the LDAP schema http://www.openldap.org/doc/admin23/schema.html Pat On Tue, 2007-05-15 at 11:56 -0300, Felipe Augusto van de Wiel wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi Pat, squid-users, > > On 05/15/2007 09:55 AM, Pat Riehecky wrote: > > This section works perfectly at my site > > > > auth_param basic program /usr/lib/squid/ldap_auth > > -bou=People,dc=iwu,dc=edu -f "(&(ProxyAccess=yes)(uid=%s))" > > ldap.domain.tld:389 > > Are you using ProxyAccess attribute from RedHat (or > Fedora) schema? Or did you manage to implement it in another > way? > > I tried to find it but I only got information and > schemas related to RedHat and Fedora schema (and Fedora Directory > Server). > > > Kind regards, > > - -- > Felipe Augusto van de Wiel <felipe@xxxxxxxxxxxxxxxxxxx> > Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE > http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFGScoxCj65ZxU4gPQRAnNPAJ9lsOSajph1z6RcqD14dMsjJoWBqwCgjsVc > TtfENeC9WzK179dkIjTsxZ4= > =EEhL > -----END PGP SIGNATURE-----
