Re: [squid-users] authenticate_ttl not working

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 9 Dec 2002 03:15:15 +0100

On Monday 09 December 2002 01.49, Lee, Jason wrote:
> Thank you very much for your reply.
>
> I will be using a size limit quota. This information I will get
> from out of the log file by adding up all bytes used.
>
> What do you recommend to use for the external_acl.

Well, you will need to write your own helper telling Squid if a
certain user is currently below his quota or not, connecting to the
information you have collected above.

Squid will periodically (per configured ttl) ask the helper.

> As far as the password authentication goes, I will be using an LDAP
> authentication from a Sun unix box against a Windows 2000 Active
> Directory server. I am not having much luck connecting at the
> moment. I am testing with ldapsearch before I use squid_ldap_auth
> and am getting the following message.
>
> [root@localhost etc]# ldapsearch
> ldap_sasl_interactive_bind_s: Can't contact LDAP server

You need to disable the use of SASL authentication (-x command line
option to OpenLDAP command line tools).

The Squid LDAP helpers do not use SASL authentication.

> I think I have the details set in /etc/ldap.conf. The only thing I
> haven't done yet is to register the unix box (I am using linux
> redhat 7.3 for testing) on the domain controller. I am unsure how
> to do this. Do you think this is the only problem and do you know
> how it can be done.

There is no such procedure when using LDAP.

If you need to do searches in the LDAP directory to locate the user or
group memberships then you may need to register a dummy account Squid
can use while performing these searches. Depends on your LDAP server
security setup... some servers does not allow anonymous searches.

Regards
Henrik
Received on Sun Dec 08 2002 - 19:15:27 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:55 MST