Delay Pools, external acl, single sign-on

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Delay Pools, external acl, single sign-on

Martin Perner
Hi,

I'm running Squid 2.6.STABLE12 on a sles10 with a Novell Backend.

I have a script (IPUser) for a type of single sign-on with the novellsystem.
This script uses the ip-address to get the user which is logged in at
this address.
In combination with speedcheck for the delay pools which uses the login
of the user i have a problem.

The problem is that the script for the single sign-on didn't seem to set
the %LOGIN variable.
Because of that, speedcheck initiate a normale authentification with the
user, using the program defined inauth_param program and by making that
disable the single sign-on.

To leave the speedcheck out of the http_access would disable the
delaypools because of the fastlookup on the delay pool acl.

That means that i ether have the delay pools running or the single sign-on.

Has anybody a idea to get both running?

Thanks in advance


parts of the squid.conf:

external_acl_type IPUser ttl=10 %SRC /usr/sbin/squid_auth.pl
external_acl_type speedcheck2 %LOGIN /usr/bin/java -jar
/opt/proxy/user.jar 2

auth_param basic program /usr/sbin/squid_ldap_auth -u cn -b o=Edu -H
ldaps://192.168.148.10 -f "(&(objectclass=user)(cn=%s))" -v 3

acl speed2 external speedcheck2
acl auth proxy_auth REQUIRED
acl ipuser external IPUser

http_access deny ipuser !ipuser
http_access deny speedcheck2 !speedcheck2
http_access allow auth
http_access deny all

delay_pools 1
delay_class 1 2
delay_access 1 allow speed2
delay_access 1 deny all
delay_parameters 1 -1/-1 64000/64000

Reply | Threaded
Open this post in threaded view
|

Re: Delay Pools, external acl, single sign-on

Henrik Nordström
On tis, 2007-09-04 at 15:31 +0200, Martin Perner wrote:

> The problem is that the script for the single sign-on didn't seem to set
> the %LOGIN variable.

Correct, as authentication has not been used.

%EXT_USER is the external_acl_type format tag to use for referencing the
usename returned by an external acl helper.

Regards
Henrik

signature.asc (316 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [solved] Delay Pools, external acl, single sign-on

Martin Perner
Thanks very much

that solved the problem

Henrik Nordstrom wrote:

> On tis, 2007-09-04 at 15:31 +0200, Martin Perner wrote:
>
>  
>> The problem is that the script for the single sign-on didn't seem to set
>> the %LOGIN variable.
>>    
>
> Correct, as authentication has not been used.
>
> %EXT_USER is the external_acl_type format tag to use for referencing the
> usename returned by an external acl helper.
>
> Regards
> Henrik
>