[squid-users] Delay Pools, external acl, single sign-on

From: Martin Perner <martin.perner@dont-contact.us>
Date: Tue, 04 Sep 2007 15:31:49 +0200

Hi,

I'm running Squid 2.6.STABLE12 on a sles10 with a Novell Backend.

I have a script (IPUser) for a type of single sign-on with the novellsystem.
This script uses the ip-address to get the user which is logged in at
this address.
In combination with speedcheck for the delay pools which uses the login
of the user i have a problem.

The problem is that the script for the single sign-on didn't seem to set
the %LOGIN variable.
Because of that, speedcheck initiate a normale authentification with the
user, using the program defined inauth_param program and by making that
disable the single sign-on.

To leave the speedcheck out of the http_access would disable the
delaypools because of the fastlookup on the delay pool acl.

That means that i ether have the delay pools running or the single sign-on.

Has anybody a idea to get both running?

Thanks in advance

parts of the squid.conf:

external_acl_type IPUser ttl=10 %SRC /usr/sbin/squid_auth.pl
external_acl_type speedcheck2 %LOGIN /usr/bin/java -jar
/opt/proxy/user.jar 2

auth_param basic program /usr/sbin/squid_ldap_auth -u cn -b o=Edu -H
ldaps://192.168.148.10 -f "(&(objectclass=user)(cn=%s))" -v 3

acl speed2 external speedcheck2
acl auth proxy_auth REQUIRED
acl ipuser external IPUser

http_access deny ipuser !ipuser
http_access deny speedcheck2 !speedcheck2
http_access allow auth
http_access deny all

delay_pools 1
delay_class 1 2
delay_access 1 allow speed2
delay_access 1 deny all
delay_parameters 1 -1/-1 64000/64000
Received on Tue Sep 04 2007 - 07:30:39 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Oct 01 2007 - 12:00:02 MDT