There is only scripts for performing LDAP based authenitication based on login+password, there is not scripts to query some LDAP on what user is logged in at ip X. tis 2009-11-24 klockan 15:23 +1930 skrev Jose Ildefonso Camargo Tolosa: > Hi! > > But... such scripts are already part of squid, I don't have the names > at hand, but really: squid works really well with LDAP, you can even > create ACLs "by-ldap-groups". > > And, squid will produce something like this in the logs: > > 1258978126.154 5238 192.168.12.34 TCP_REFRESH_MISS/200 776 GET http://mail.goo > gle.com/ username DIRECT/74.125.45.17 text/html > > As you can see, it has: client's IP, URL, username and server IP. > > I hope this helps, > > Ildefonso Camargo > > On Tue, Nov 24, 2009 at 5:06 AM, Henrik Nordstrom > <henrik@xxxxxxxxxxxxxxxxxxx> wrote: > > sön 2009-11-22 klockan 21:32 -0500 skrev Riley E. Chandler: > >> I need to do a LDAP search for username based on source IP, I would > >> prefer to have Squid put it in the access.log. My other option is to > >> generate my own log file based off the access.log and to include the > >> LDAP info separately. My users are only online for minutes or seconds > >> at a time, so it's hard to correlate IP to username from the two > >> different logs. > > > > You will need to write a small script performing the lookup, and then > > integrate this into Squid via external_acl_type. > > > > > > external_acl_type ldap_ip_user_lookup %SRC /path/to/your/script > > acl lookup_ip_user external ldap_ip_user_lookup > > http_access deny lookup_ip_user !all > > > > > > The strange http_access rule is just to trigger the acl. It does not in > > itself have any outcome on the request and only used for the siteeffect > > of setting the username. > > > > Regards > > Henrik > > > >
