Hi! But... such scripts are already part of squid, I don't have the names at hand, but really: squid works really well with LDAP, you can even create ACLs "by-ldap-groups". And, squid will produce something like this in the logs: 1258978126.154 5238 192.168.12.34 TCP_REFRESH_MISS/200 776 GET http://mail.goo gle.com/ username DIRECT/74.125.45.17 text/html As you can see, it has: client's IP, URL, username and server IP. I hope this helps, Ildefonso Camargo On Tue, Nov 24, 2009 at 5:06 AM, Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> wrote: > sön 2009-11-22 klockan 21:32 -0500 skrev Riley E. Chandler: >> I need to do a LDAP search for username based on source IP, I would >> prefer to have Squid put it in the access.log. My other option is to >> generate my own log file based off the access.log and to include the >> LDAP info separately. My users are only online for minutes or seconds >> at a time, so it's hard to correlate IP to username from the two >> different logs. > > You will need to write a small script performing the lookup, and then > integrate this into Squid via external_acl_type. > > > external_acl_type ldap_ip_user_lookup %SRC /path/to/your/script > acl lookup_ip_user external ldap_ip_user_lookup > http_access deny lookup_ip_user !all > > > The strange http_access rule is just to trigger the acl. It does not in > itself have any outcome on the request and only used for the siteeffect > of setting the username. > > Regards > Henrik > >
