Re: [squid-users] LDAP in access.log

From: Jose Ildefonso Camargo Tolosa <ildefonso.camargo_at_gmail.com>
Date: Tue, 24 Nov 2009 15:23:27 +1930

Hi!

But... such scripts are already part of squid, I don't have the names
at hand, but really: squid works really well with LDAP, you can even
create ACLs "by-ldap-groups".

And, squid will produce something like this in the logs:

1258978126.154 5238 192.168.12.34 TCP_REFRESH_MISS/200 776 GET http://mail.google.com/ username DIRECT/74.125.45.17 text/html

As you can see, it has: client's IP, URL, username and server IP.

I hope this helps,

Ildefonso Camargo

On Tue, Nov 24, 2009 at 5:06 AM, Henrik Nordstrom
<henrik_at_henriknordstrom.net> wrote:
> Sun 2009-11-22 at 21:32 -0500, Riley E. Chandler wrote:
>> I need to do a LDAP search for username based on source IP, I would
>> prefer to have Squid put it in the access.log.  My other option is to
>> generate my own log file based off the access.log and to include the
>> LDAP info separately.  My users are only online for minutes or seconds
>> at a time, so it's hard to correlate IP to username from the two
>> different logs.
>
> You will need to write a small script performing the lookup, and then
> integrate this into Squid via external_acl_type.
>
>
> external_acl_type ldap_ip_user_lookup %SRC /path/to/your/script
> acl lookup_ip_user external ldap_ip_user_lookup
> http_access deny lookup_ip_user !all
>
>
> The strange http_access rule is just to trigger the acl. It does not in
> itself have any outcome on the request and is only used for the side effect
> of setting the username.
>
> Regards
> Henrik
>
>
Received on Mon Nov 23 2009 - 19:53:40 MST
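
An added example, not part of the original thread or Squid's own code: a helper for the `external_acl_type ... %SRC` line quoted above. It assumes Squid's default helper protocol (one `%SRC` value per request line, a reply of `OK user=<name>` with URL-escaped values, or `ERR`); `SAMPLE_LEASES` and `lookup_user` are hypothetical stand-ins for the site's LDAP search, whose attribute layout the thread does not give.

```python
#!/usr/bin/env python3
"""Squid external_acl_type helper: map a client IP (%SRC) to a username."""
import ipaddress
import sys
from urllib.parse import quote

# Constructed sample data standing in for the directory (assumption).
# A real helper replaces lookup_user() with the site's LDAP search.
SAMPLE_LEASES = {"192.168.12.34": "jdoe", "192.168.12.35": "ann smith"}


def lookup_user(ip, table=SAMPLE_LEASES):
    """Hypothetical lookup: return the username bound to ip, or None."""
    return table.get(ip)


def answer(line, lookup=lookup_user):
    """Return the single reply line for one request line from Squid."""
    fields = line.split()
    if len(fields) != 1:
        return "ERR"  # unexpected request shape
    try:
        # Validate and normalise before the value reaches any directory query.
        ip = str(ipaddress.ip_address(fields[0]))
    except ValueError:
        return "ERR"
    try:
        user = lookup(ip)
    except Exception:
        return "ERR"  # directory unavailable: log the request without a user
    if not user:
        return "ERR"
    # URL-escape so whitespace in a name cannot split the reply into
    # extra keywords or corrupt the access.log field.
    return "OK user=" + quote(user, safe="")


def main():
    for line in sys.stdin:
        sys.stdout.write(answer(line) + "\n")
        sys.stdout.flush()  # Squid waits for exactly one reply per request


if __name__ == "__main__":
    main()
```
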
