I have written an LDAP group module which, unlike the widely-known
squid_ldap_group, looks for nested groups as well as direct groups that
a particular user is a member of. The module works by taking two
arguments from stdin (username, group) and gives the standard 'OK'/'ERR'
response as is required by any squid authenticator. It is to be used in
conjunction with other modules that perform the basic username/password
authentication.
Can somebody tell me how to interface to it from squid? I know that
squid_ldap_group uses %u and %g to reference the username and the group
as referred to from the acl definition 'acl external ldap_group
GroupName', but are these variables only used by squid_ldap_group, or
will they work for any external acl helper?
So far, the external acl line I'm using in my squid.conf file is
something like this:
external_acl_type ldap_group %LOGIN /path/to/squid_ldap_group.pl
The obvious problem with this is that there is no mention of any group.
The other problem I'm having is how the authenticator receives the
FORMAT parameters. If I used '%LOGIN %SRC' (for argument's sake) would
that supply those two parameters to my authenticator via STDIN?
My authenticator works from command-line. I'm now just trying to
finalise how to interface to and from squid in order for it to work as
desired.
Hoping someone can help.
Regards
Richard
Received on Fri Oct 20 2006 - 03:03:40 MDT
This archive was generated by hypermail pre-2.1.9 : Wed Nov 01 2006 - 12:00:04 MST