There is only scripts for performing LDAP based authenitication based on
login+password, there is not scripts to query some LDAP on what user is
logged in at ip X.
tis 2009-11-24 klockan 15:23 +1930 skrev Jose Ildefonso Camargo Tolosa:
> Hi!
>
> But... such scripts are already part of squid, I don't have the names
> at hand, but really: squid works really well with LDAP, you can even
> create ACLs "by-ldap-groups".
>
> And, squid will produce something like this in the logs:
>
> 1258978126.154 5238 192.168.12.34 TCP_REFRESH_MISS/200 776 GET http://mail.goo
> gle.com/ username DIRECT/74.125.45.17 text/html
>
> As you can see, it has: client's IP, URL, username and server IP.
>
> I hope this helps,
>
> Ildefonso Camargo
>
> On Tue, Nov 24, 2009 at 5:06 AM, Henrik Nordstrom
> <henrik_at_henriknordstrom.net> wrote:
> > sön 2009-11-22 klockan 21:32 -0500 skrev Riley E. Chandler:
> >> I need to do a LDAP search for username based on source IP, I would
> >> prefer to have Squid put it in the access.log. My other option is to
> >> generate my own log file based off the access.log and to include the
> >> LDAP info separately. My users are only online for minutes or seconds
> >> at a time, so it's hard to correlate IP to username from the two
> >> different logs.
> >
> > You will need to write a small script performing the lookup, and then
> > integrate this into Squid via external_acl_type.
> >
> >
> > external_acl_type ldap_ip_user_lookup %SRC /path/to/your/script
> > acl lookup_ip_user external ldap_ip_user_lookup
> > http_access deny lookup_ip_user !all
> >
> >
> > The strange http_access rule is just to trigger the acl. It does not in
> > itself have any outcome on the request and only used for the siteeffect
> > of setting the username.
> >
> > Regards
> > Henrik
> >
> >
Received on Mon Nov 23 2009 - 20:13:47 MST
This archive was generated by hypermail 2.2.0 : Tue Nov 24 2009 - 12:00:04 MST