On Wed, Oct 13, 2004 at 04:38:46PM +0200, Stephane DAVY wrote:
> Well, it works for me.
> I have something like that:
>
> external_acl_type ldap_group %LOGIN bla-bla ldap bla
>
> acl one_group external ldap_group group_in_ldap
> http_access allow one_group
>
> ....
> icap_class one_class bla-bla
> icap_access one_class allow one_group
>
> The trick is that you really need "http_access allow one_group", it is
> not enough to put http_access allow all
Yay, godlike! I never would have thought there would be a workaround for
this one. But in fact it works like a charm. This should perhaps become
an FAQ item (if the FAQ is still maintained). I found it very confusing
that the ACL was just plainly ignored even without any warning in the
cache.log.
Am I right that your solution makes Squid do the external_acl lookup and
store that information in the cache where other ACLs can read from? It
sounds like icap_access can handle both the mysterious "fast ACLs" and
the internal external_acl cache - but not the "slow external ACLs". Right?
Thanks a lot. This is the solution I've been searching for.
Christoph
-- ~ ~ ".signature" [Modified] 3 lines --100%-- 3,41 AllReceived on Thu Oct 14 2004 - 06:13:06 MDT
This archive was generated by hypermail pre-2.1.9 : Mon Nov 01 2004 - 12:00:02 MST