davefu wrote:
Hi! squid_ldap_group authentication is working fine. The problem comes when I
change the group that allows the users to surf the net. That change in LDAP
is not reflected in Squid immediately, forcing me to restart Squid. I've
tried different parameters, but no luck so far.
Here is my squid.conf:
http_port 8080
cache_dir ufs /var/spool/squid3 100 16 256
cache_access_log /var/log/squid3/access.log
cache_log /var/log/squid3/cache.log
cache_store_log none
emulate_httpd_log on
#Auth
authenticate_ttl 2 minutes
auth_param basic children 15
auth_param basic realm myrealm
auth_param basic credentialsttl 2 minutes
auth_param basic casesensitive on
auth_param basic program /usr/lib/squid3/squid_ldap_auth -b "dc=xxxx,dc=xxxx" -f "uid=%s" -H ldap://ldapserver.myrealm
external_acl_type internet_access concurrency=10 %LOGIN /usr/lib/squid3/squid_ldap_group -b "ou=People,dc=xxxx,dc=xxxx" -s sub -f "(&(uid=%u)(Internet=%g))" -H ldap://ldapserver.myrealm/
#Acls
...
Any ideas?
Thanks in advance
There are ttl=N and negative_ttl=N parameters to external_acl_type which
determine how often the helper is queried vs cached results used.
Default is ttl=3600. I think you will be wanting to set it to ttl=120 to
match your auth credentials TTL.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
Current Beta Squid 3.1.0.15
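
Added example, not part of the original thread or of Squid itself: a small check that reads a squid.conf and reports every external_acl_type whose cached group verdict can outlive the basic-auth credentialsttl, which is the window during which an LDAP group removal is not enforced. The sample config is constructed (placeholder DNs and host), and the negative_ttl fallback to ttl is an assumption.

```python
import shlex
from itertools import takewhile

DEFAULT_ACL_TTL = 3600  # external_acl_type default, as stated in the reply above
UNITS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}

def to_seconds(number, unit="second"):
    """Convert a squid.conf time value such as '2 minutes' to seconds."""
    return int(number) * UNITS[unit.rstrip("s")]

def stale_group_windows(conf_text):
    """Map each external ACL whose cached verdict can outlive the basic-auth
    credentials TTL to (ttl, negative_ttl, credentialsttl), all in seconds."""
    cred_ttl, acls = None, {}
    for raw in conf_text.splitlines():
        tok = shlex.split(raw.split("#", 1)[0])
        if tok[:3] == ["auth_param", "basic", "credentialsttl"]:
            cred_ttl = to_seconds(*tok[3:5])
        elif tok[:1] == ["external_acl_type"]:
            # Options sit between the ACL name and the first %FORMAT token.
            head = takewhile(lambda t: not t.startswith("%"), tok[2:])
            opts = dict(t.split("=", 1) for t in head if "=" in t)
            ttl = int(opts.get("ttl", DEFAULT_ACL_TTL))
            # Assumption: negative_ttl falls back to ttl when it is not set.
            acls[tok[1]] = (ttl, int(opts.get("negative_ttl", ttl)))
    if cred_ttl is None:
        raise ValueError("no 'auth_param basic credentialsttl' line found")
    return {name: (t, n, cred_ttl) for name, (t, n) in acls.items()
            if max(t, n) > cred_ttl}

# Constructed sample modelled on the posted config; DNs and host are placeholders.
HELPER = ('%LOGIN /usr/lib/squid3/squid_ldap_group -b "ou=People,dc=example,dc=org" '
          '-s sub -f "(&(uid=%u)(Internet=%g))" -H ldap://ldap.example.org/')
AUTH = "auth_param basic credentialsttl 2 minutes\n"
BEFORE = AUTH + "external_acl_type internet_access concurrency=10 " + HELPER
AFTER = (AUTH + "external_acl_type internet_access ttl=120 negative_ttl=120 "
         "concurrency=10 " + HELPER)

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        result = stale_group_windows(conf)
        print(label, result or "group changes visible within credentialsttl")
```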