Re: [squid-users] --> LDAP and NTLM

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 09 Jan 2003 13:17:00 +0100

"Alex Carlos Braga Antão" wrote:

> 1) ACL (ldap_auth): on my acls, if I put the username all in lowercase,
> squid_ldap_auth seems to authenticate ONLY if the user type its Username on
> lowercase. Is there a way to make it non-casesensitive ??? If not, I´ll have
> to put at least 3 entries on my ACL´s (ex: John, john, JOHN)...

Yes, by helping to extend Squid with support for case-insensitive
authentication.

If not, use proxy_auth_regex acl type.. but don't make very long lists
of users then.

Another alternative is to use a external_acl helper to match the allowed
users per group.

> 2) LOGS: When a user authenticate by NTLM, on the log it apears:
> domain\username as the username authenticated, but when he authenticates by
> LDAP, only the username is logged on the access.log file. Is there a way to
> make both log only USERNAME, or DOMAIN/USERNAME ??? The problem with it is
> if I run SARG ou webalizer, the logs that will be generated will contain
> both users...

Not really. Squid has no means of knowing user is the same, and simply
logs what it knows.

You could post-process the logs to unify the usernames before processing
the log.

Regards
Henrik
Received on Thu Jan 09 2003 - 05:20:58 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:35 MST