-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 21/01/2015 1:38 a.m., Simon Staeheli wrote: >> Whatever floats your boat. The point of the Addon/Plugin/helpers >> API is that you can use scripts if thy serve your needs better. >> >> All the usual Open Source benefits of "many eyeballs" and >> somebody else doing code maintenance for you applies to using a >> bundled helper over a custom written one. >> >> Beyond that the kerberos helper also provides automatic detection >> of which LDAP server to use via mutiple auto-configuration >> methods. >> >> If you can demonstrate that the ext_kerberos_ldap_group_acl does >> provides a superset of the functionality of ext_ldap_group_acl >> helper then I can de-duplicate the two helpers. >> >> Amos > > Thanks for the hint regarding automatic detection of LDAP servers. > I am just trying to find what the differences between the two > helpers are and which one does fit my needs better. Any others? > Nothing I can pick out easily. > Do you know anything about the feature in > ext_kerberos_ldap_group_acl mentioned by Markus Moeller in an > earlier post? > > "I have a new method in my squid 3.4 patch which uses the Group > Information MS is putting in the ticket. This would eliminate the > ldap lookup completely." > (http://www.squid-cache.org/mail-archive/squid-users/201309/0046.html) > > I think that refers to a work in progress. Markus maintains the un-bundled version of his helpers a little in advance of what has made it into the Squid stable branch. Some of what is available in his helper downloads is only in the Squid-3.HEAD alpha development code so far. I am working on obsoleting the need for external group helpers. From 3.5 auth helpers can deliver to Squid a set of group= kv-pair in their response. Those can be used with the note ACL type to check group names without any external_acl_type helper lookup (making group checks possible in 'fast' access controls). Markus joined me in this project and his latest kerberos auth helper (in 3.HEAD and his versions - *not* the 3.5 bundled version) produces group= kv-pair. Unfortunately they are in the obscure S-*-*-* registry ID format MS uses. The external_acl_type helper interface cannot yet be passed notes to decipher that to a known group name. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUvlOyAAoJELJo5wb/XPRjZskH/3VQdCv4juTHZ0QAOyQvCdLP L1ZRDF/ix4MkVIsblsPL20G1KznKRbDBdDZ+DWM4lHDp7m1rwXD972GUmI7JZQDV VvjQVMrXfZ3h8VcwpzPXKKiIOJp3+P5e7XpVDQGYAzOBJjnvs2OsIKGGsGwo4kXE lElRU9WbspurY4ic07hjSCcM3VAdWMtIy8FVoq2bdegH6qor1dGeoVIMYVnSOBUG 9gTqWBYxkltI5S19f6zWjk2Kscn7ZYWvPezN38NHouL4ueM0rAHxvUNP2ueudUwR tZBavBNpiCJ08dXbhU1nUivyTQX99w8t0VMmYeomTc2Q7znofsX0FefFRFZ1GcY= =Yg6k -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
