-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/10/2014 2:28 a.m., Juan Manuel Perrote wrote: > > I have a Squid Cache: Version 3.1.19, on Ubuntu 12.04.2 LTS. > > We use external authentification on ldap repository on a remote > machine > > #********************************#********************************#******************************** > > > > #******************************** > > #REGLA VALIDACION LDAP > > #******************************** > > #Esto indica el numero de procesos de autentificacion > (notienevalorpredeterminado). > > auth_param basic children 5 > > #Especifica el numero de procesos redirector para desovar > > redirect_children 5 > > #Valido el usuario > > auth_param basic program /usr/lib/squid3/squid_ldap_auth -b > "ou=Users,dc=vs-zmaster,dc=policia,dc=rionegro,dc=gov,dc=ar" -f > "uid=%s" -h 10.11.37.2 -v 3 > > auth_param basic realm Policia de Rio Negro > > #Validar grupos > > external_acl_type ldap_group %LOGIN > /usr/lib/squid3/squid_ldap_group -b > "ou=Groups,dc=vs-zmaster,dc=policia,dc=rionegro,dc=gov,dc=ar" -f > "(&(memberUid=%u)(cn=%g)(objectClass=posixGroup))" -h 10.11.37.2 -v > 3 > > #especifica el tiempo de usuario y contrasenia valido > externamente. > > auth_param basic casesensitive on > > auth_param basic credentialsttl 280 minutes > > authenticate_ttl 60 minutes > > #********************************#********************************#******************************** > > > > The problem is that when I change the user group on ldap to other > user group (with differents permission) squid not refresh the > change so until 1hs or more, the change are not reflect on real > time. The same goes if change the password user, the user still > navigating for a while. Your configuration says "credentialsttl 280 minutes". That means Squid only checks for username/password changes once every 4hrs 40min. There is no TTL configured for external_acl_type helper. Meaning Squid uses the default TTL and groups are only checked every 1hr. > > The changes are not reflected immediately. > > But if a reload the squid service, the change take effect That depends on what you mean by "reload". * If you are restarting the service it completely shuts down and then starts again. The credentials cache is stored only in volatile memory and gets erased on shutdown or restart. * If you are reconfiguring (reload the config), the memory and thus credentials cache is retained. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUNpPRAAoJELJo5wb/XPRjZMwIAIAp1WdNCnjVvxuuEcemR2k8 yXKrMUkQ5uFKUbqQfVCsg5YdorgC/gkBatk06KqyMiBYbksAYvG45kUNtUVnKUkU +5gRgQR+Gmx59V1+BYqVZu8qLaWWg0NNX7C2iOP70SsD7IYECfi5uxbUUz3yLCia 19c6Y2iSqu0f4iWUGJEArVLvpJgoblhcgtVan9aOK77uzYVIpma/MFdl/lQZ8QST /wclWIOlIVU3j7Dw3cBZr/tHuzhFKt2WnYKFcb+8elUaL5OQzsTEpkxvnB2n25Ci pmtfBDQXvzbiThPbBWHaZ1oPMPVSIn6iLrmaxukgqxk48w5H3mjta34uP1p28NY= =R+0F -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
