Hi,
my question is the following: Is it possible to tell squid that a
external_acl must be checked again?
We have the situation where users are switched on/off for internet
access over a group membership in the MS-ActiveDirectory. Their
credentials are valid all the time, so setting the credentialsttl has no
effect.
My workaround at the moment is to reconfigure squid every 2 minutes. But
even in my opinion this is quite dirty.
Is there any other solution?
Thanks a lot,
Dirk
P.S. Here is an extract of my squid.conf:
auth_param basic program /usr/lib/squid/open2 (which will look in 2 ADs
for valid users)
auth_param basic realm Internet-Sicherheitsabfrage
acl password proxy_auth REQUIRED
external_acl_type LCgroup %LOGIN /usr/lib/squid/squid_ldap_group -b
ou=Gruppen,dc=lc-hab,dc=local -D cn=lcsys-28,ou=more,dc=lc-hab,dc=local
-w xxx -B ou=Teilnehmer,dc=lc-hab,dc=local -F "sAMAccountname=%s" -f
"(&(cn=%a)(member=%u))" -h 192.168.105.10
acl LCweb external LCgroup GT_Internetzugang
http_access allow LCweb
Received on Mon Sep 26 2005 - 03:18:01 MDT
This archive was generated by hypermail pre-2.1.9 : Sat Oct 01 2005 - 12:00:04 MDT