On Fri, 2008-04-11 at 09:11 +0200, Davide Meloni wrote: > On Thu, Apr 10, 2008 at 9:47 PM, Alex Rousskov > <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > > > The above ICAP and HTTP headers are from a non-Squid proxy, right? What > > confuses me is that earlier you said that Squid was sending: > > > > > > X-Authenticated-User: test\r\n > > > > yet I cannot find that header in Squid3 sources. Did you apply some > > patches to teach Squid to emit that header? > > No Alex, this packet was sent by Squiq (Squid3.0STABLE1 on ubuntu > server 8.04 beta). > > "X-Authenticated-User" Was put by me in squid.conf customizing: > > # TAG: icap_client_username_header > # ICAP request header name to use for send_client_username. > # > #Default: > # icap_client_username_header X-Client-Username > icap_client_username_header X-Authenticated-User > > I've modified this TAG because I saw that username is inserted here by > Squid and my ICAP server was looking for the username in this field. > (if I understood the working method of the ICAP server and the meaning > of the TAG that I've modified). You tricked me! :-) I understand what is going on now. It looks like we just need to find somebody who can finish that patch you found so that "whole LDAP dn" can be included in the client username header. I assume you cannot do it yourself, but please correct me if I am wrong. If you cannot sponsor the work, please file an enhancement bug report with a reference to this thread and the old patch. Let's hope some kind sole will help you. If you can sponsor the work, try contacting one of the companies at http://www.squid-cache.org/Support/services.dyn Good luck, Alex.
