Re: [squid-users] Squid Partitions ...

2005-11-14 Thread Denis Vlasenko 
On Monday 14 November 2005 12:05, Gilles ROUTIER wrote:
> Hy,
> 
> Does Y have it a utility to use two partitions of cache on Squid?

Yes. You can use RAID array.

> Of type /cache1 /cache2 ?
--
vda

[squid-users] Squid Partitions ...

2005-11-14 Thread Gilles ROUTIER 
Hy,

Does Y have it a utility to use two partitions of cache on Squid?
Of type /cache1 /cache2 ?

Or is only one partition enough it ?

Thanks,
Gil


*
"Le contenu de ce courriel et ses eventuelles pièces jointes sont
confidentiels. Ils s'adressent exclusivement à la personne destinataire.
Si cet envoi ne vous est pas destiné, ou si vous l'avez reçu par erreur,
et afin de ne pas violer le secret des correspondances, vous ne devez pas
le transmettre à d'autres personnes ni le reproduire. Merci de le renvoyer
à l'émetteur et de le détruire.

Attention : L'Organisme de l'émetteur du message ne pourra être tenu 
responsable de l'altération
du présent courriel. Il appartient au destinataire de vérifier que les
messages et pièces jointes reçus ne contiennent pas de virus.
Les opinions contenues dans ce courriel et ses éventuelles pièces
jointes sont celles de l'émetteur. Elles ne reflètent pas la position de 
l'Organisme
sauf s'il en est disposé autrement dans le présent courriel."
**

RE: [squid-users] Squid Partitions ...

2005-11-14 Thread Gilles ROUTIER 

Ok Thanks.

I have Two Disk.

A this time my conf is like this :
cache_mem 128 mb
cache_dir ufs /cache1 8000 16 256
cache_dir ufs /cache2 8000 16 256

My evolution Would be :

Cache_mem 128 mb
cache_replacement_policy lru
cache_dir ufs /cache1 8000 16 256

cache_replacement_policy heap LFUDA
cache_dir ufs /cache2 8000 16 256


Firstly what think about it?
Secondarily, with this policy of cache, the other objects they will be put
on the cache nevertheless?

Thanks
Gil


-Message d'origine-
De : Matus UHLAR - fantomas [mailto:[EMAIL PROTECTED]
Envoyé : lundi 14 novembre 2005 12:48
À : squid-users@squid-cache.org
Objet : Re: [squid-users] Squid Partitions ...

On 14.11 11:05, Gilles ROUTIER wrote:
> Does Y have it a utility to use two partitions of cache on Squid?

Y?
 
> Of type /cache1 /cache2 ?
>
> Or is only one partition enough it ?

If it's one real disk drive, use only one partition for the cache.
If there are 2 drives, using two separate cache_dir'sis recommended over it.

--
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Save the whales. Collect the whole set.


*
"Le contenu de ce courriel et ses eventuelles pièces jointes sont
confidentiels. Ils s'adressent exclusivement à la personne destinataire.
Si cet envoi ne vous est pas destiné, ou si vous l'avez reçu par erreur,
et afin de ne pas violer le secret des correspondances, vous ne devez pas
le transmettre à d'autres personnes ni le reproduire. Merci de le renvoyer
à l'émetteur et de le détruire.

Attention : L'Organisme de l'émetteur du message ne pourra être tenu 
responsable de l'altération
du présent courriel. Il appartient au destinataire de vérifier que les
messages et pièces jointes reçus ne contiennent pas de virus.
Les opinions contenues dans ce courriel et ses éventuelles pièces
jointes sont celles de l'émetteur. Elles ne reflètent pas la position de 
l'Organisme
sauf s'il en est disposé autrement dans le présent courriel."
**

Re: [squid-users] Squid Partitions ...

2005-11-14 Thread Matus UHLAR - fantomas 
On 14.11 13:56, Gilles ROUTIER wrote:
> I have Two Disk.
> 
> A this time my conf is like this :
> cache_mem 128 mb
> cache_dir ufs /cache1 8000 16 256
> cache_dir ufs /cache2 8000 16 256
> 
> My evolution Would be :
> 
> Cache_mem 128 mb
> cache_replacement_policy lru
> cache_dir ufs /cache1 8000 16 256
> 
> cache_replacement_policy heap LFUDA
> cache_dir ufs /cache2 8000 16 256
> 
> 
> Firstly what think about it?

I don't see any problem... if you have ~9GB of free space on those
partitions...

btw why do you want to use different replacement policies?

> Secondarily, with this policy of cache, the other objects they will be put
> on the cache nevertheless?

pardon?

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I feel like I'm diagonally parked in a parallel universe.

RE: [squid-users] Squid Partitions ...

2005-11-14 Thread Gilles ROUTIER 

I want to use to use different replacement policies for optimizing Squid.
It's not a good idea ?

Gil

-Message d'origine-
De : Matus UHLAR - fantomas [mailto:[EMAIL PROTECTED]
Envoyé : lundi 14 novembre 2005 14:27
À : squid-users@squid-cache.org
Objet : Re: [squid-users] Squid Partitions ...

On 14.11 13:56, Gilles ROUTIER wrote:
> I have Two Disk.
>
> A this time my conf is like this :
> cache_mem 128 mb
> cache_dir ufs /cache1 8000 16 256
> cache_dir ufs /cache2 8000 16 256
>
> My evolution Would be :
>
> Cache_mem 128 mb
> cache_replacement_policy lru
> cache_dir ufs /cache1 8000 16 256
>
> cache_replacement_policy heap LFUDA
> cache_dir ufs /cache2 8000 16 256
>
>
> Firstly what think about it?

I don't see any problem... if you have ~9GB of free space on those
partitions...

btw why do you want to use different replacement policies?

> Secondarily, with this policy of cache, the other objects they will be put
> on the cache nevertheless?

pardon?

--
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I feel like I'm diagonally parked in a parallel universe.


*
"Le contenu de ce courriel et ses eventuelles pièces jointes sont
confidentiels. Ils s'adressent exclusivement à la personne destinataire.
Si cet envoi ne vous est pas destiné, ou si vous l'avez reçu par erreur,
et afin de ne pas violer le secret des correspondances, vous ne devez pas
le transmettre à d'autres personnes ni le reproduire. Merci de le renvoyer
à l'émetteur et de le détruire.

Attention : L'Organisme de l'émetteur du message ne pourra être tenu 
responsable de l'altération
du présent courriel. Il appartient au destinataire de vérifier que les
messages et pièces jointes reçus ne contiennent pas de virus.
Les opinions contenues dans ce courriel et ses éventuelles pièces
jointes sont celles de l'émetteur. Elles ne reflètent pas la position de 
l'Organisme
sauf s'il en est disposé autrement dans le présent courriel."
**

[squid-users] Log analyser

2005-11-14 Thread Gix, Lilian (CI/OSR) * 
Hello,

I'm looking for a log analyzer witch give me the number of Mbytes a
client(s) (IP) took on last days (access.log.0,...)

I tried several from squid site, but it never gave this. And it takes
many time to test.

So if you can give me the name of one you know?

Thanks.

L.G.

RE: [squid-users] Log analyser

2005-11-14 Thread Administrateur 
Try this one : sarg

-Message d'origine-
De : Gix, Lilian (CI/OSR) * [mailto:[EMAIL PROTECTED]
Envoyé : lundi 14 novembre 2005 14:43
À : squid-users@squid-cache.org
Objet : [squid-users] Log analyser


Hello,

I'm looking for a log analyzer witch give me the number of Mbytes a
client(s) (IP) took on last days (access.log.0,...)

I tried several from squid site, but it never gave this. And it takes
many time to test.

So if you can give me the name of one you know?

Thanks.

L.G.

Re: [squid-users] Squid mishandling certain kinds of media types

2005-11-14 Thread Henrik Nordstrom 



On Fri, 11 Nov 2005, Gary Buckmaster wrote:


I have a single squid box running FreeBSD that is behaving very strangely.
With certain types of media files, most notably mp3, ra and wmv files, squid
lists them as mime type text/html.


Are you prehaps using a redirector blocking access to these files?

DIRECT/10.0.1.3 says that the URL was fetched from the server with address 
10.0.1.3.  This does not match the address of the host in the URL so I 
strongly suspect there is a redirector rewriting the requested URL.


Regards
Henrik

Re: [squid-users] identification without login

2005-11-14 Thread Henrik Nordstrom 

On Fri, 11 Nov 2005, bernhard wiz wrote:


i have an apache-proxy and want to use squid in front of this proxy to
make something like an user identification based on the
server domain name.


What you mean exacly?


my plan is the following: squid is reachable under the domain
*.proxy.domain.ch. every proxy-user integrates his user-id in the name
of the server domain name of my proxy when he uses the proxy (in the
style of: user-id.proxy.domain.ch).

squid then should use this user-id as authentification name for the
apache-proxy.


Users identifying themselves by which proxy name they have configured in 
their browser?


The domain name set in the proxy settings of the clients is only used by 
the client to find the address of the proxy. It is never transmitted on 
the wire to the proxy.


The proxy can not know what name the client used to resolve the address of 
the proxy. All the proxy knows is which IP address (and port) the client 
connection was accepted on. It can do a reverse-lookup to find what single 
host name is registered in the DNS reverse zone for that IP, but I do not 
think this will help you much.


Regards
Henrik

RE: [squid-users] Log analyser

2005-11-14 Thread Jouvenat, Gregoire 
Or try webalizer!

-Message d'origine-
De : Administrateur [mailto:[EMAIL PROTECTED] 
Envoyé : lundi, 14. novembre 2005 15:00
À : squid-users@squid-cache.org
Objet : RE: [squid-users] Log analyser

Try this one : sarg

-Message d'origine-
De : Gix, Lilian (CI/OSR) * [mailto:[EMAIL PROTECTED]
Envoyé : lundi 14 novembre 2005 14:43
À : squid-users@squid-cache.org
Objet : [squid-users] Log analyser


Hello,

I'm looking for a log analyzer witch give me the number of Mbytes a
client(s) (IP) took on last days (access.log.0,...)

I tried several from squid site, but it never gave this. And it takes
many time to test.

So if you can give me the name of one you know?

Thanks.

L.G.

This message (including any attachments) contains confidential
and/or proprietary information intended only for the addressee.
Any unauthorized disclosure, copying, distribution or reliance on
the contents of this information is strictly prohibited and may
constitute a violation of law.  If you are not the intended
recipient, please notify the sender immediately by responding to
this e-mail, and delete the message from your system.  If you
have any questions about this e-mail please notify the sender
immediately.

Ce message (ainsi que les eventuelles pieces jointes) est
exclusivement adresse au destinataire et contient des
informations
confidentielles. La copie, la communication ou la distribution du
contenu de ce message sans l'accord prealable de l'expediteur
sont strictement interdits et peuvent constituer un delit. Si
vous
n'etes pas destinataire de ce message, merci de le detruire et
d'avertir l'expediteur. Si vous avez des questions se rapportant
a ce courrier electronique, merci de bien vouloir notifier
l'expediteur immediatement.

Re: [squid-users] help: squid logic

2005-11-14 Thread Henrik Nordstrom 



On Sat, 12 Nov 2005, Hendro Susanto wrote:


hi,

I've been using squid for almost 5 years now.
it's working very well.

however, i can't solve the squid configuration for:

STAFF A
STAFF B

STAFF A = NO INTERNET 8.30-15.30, OTHER TIME 64Kbps
STAFF B = NO INTERNET 8.30-15.30 BUT SOME SITES ARE ACCESSIBLE WITH
128Kbps, OTHER TIME 64Kbps WITH ALL SITES IS ACCESSIBLE.




Something like the following should work:


acl staff_A ...
acl staff_B ...
acl office_time time 08:30-15:30
acl allowed_sites dstdomain "/path/to/allowed_sites.txt"

delay pool 1 configured for 64Kbps
delay pool 2 configured for 128Kbps


# Restricted access during office hours
http_access allow staff_B allowed_sites
http_access deny office_time

# Unresticted access at other hours
http_access allow staff_A
http_access allow staff_B


# only 64 Kbps allowed outside office hours
delay_access 1 allow !office_hours

# within office hours 128Kbps
delay_access 2 allow office_hours

Regards
Henrik

Re: [squid-users] software caused connection abort

2005-11-14 Thread Henrik Nordstrom 



On Sat, 12 Nov 2005, Wojciech Puchar wrote:


can such messages

Nov 12 22:01:47 hel squid[22265]: comm_accept: FD 8: (53) Software caused 
connection abort
Nov 12 22:01:47 hel squid[22265]: httpAccept: FD 8: accept failure: (53) 
Software caused connection abort



be disabled in logs?


Yes, by changing the log level of the said message in the source.

look for debug(...)("httpAccept: FD %d: accept failure: ..."

the second number in the debug clause is the log level. 1 is considered 
"important" and is always logged (0 is critical). 2 and above is debug 
info.


Regards
Henrik

Re: [squid-users] Build error! Help! -client_side.o(.text+0xf65): In function `gzip_data':/home/lq/squid-2.5.S12/src/client_side.c:2053: undefined reference to `deflate'

2005-11-14 Thread Henrik Nordstrom 



On Thu, 10 Nov 2005, ro vencentro wrote:


I want to make squid support gzip,but I have a  problem when compiling:

/home/lq/squid-2.5.S12/src/client_side.c:2053: undefined reference to `deflate'


You have not included your gzip library in the link line.

Regards
Henrik

Re: [squid-users] how max-conn= option work after limit exceed

2005-11-14 Thread Henrik Nordstrom 



On Thu, 10 Nov 2005, Vladislav Yershov wrote:


 Question is: other TCP connections (>20)  breaked, or processed in the
 normal fashion (as some other files that not queried via parent)??


When above a peers max-conn limit Squid behaves as if that cache_peer line 
did not exists in the config or the peer is not reachable.


I.e. selects another peer if available, or goes direct unless forbidden.

Regards
Henrik

Re: [squid-users] feature request

2005-11-14 Thread Henrik Nordstrom 



On Tue, 8 Nov 2005, Wojciech Puchar wrote:

is it possible (or will it be implemented) to get list of URLs of cached 
objects in active squid proxy?


Looks for the purge script. Can give you this info.

Regards
Henrik

Re: [squid-users] "Binding" IP address to username

2005-11-14 Thread Henrik Nordstrom 

On Wed, 9 Nov 2005, Pieter De Wit wrote:

I would like to know how I can "bind" an IP address to a username in 
squid. So let's say I have a user called user1 and a machine on IP 
1.2.3.4. I would like squid to log any requests that come from 1.2.3.4 
as if the user user1 logged in.


You can do this via an external acl helper returning the username for the 
IP.


See external_acl_type directive for details.

This also controls how long Squid should maintain the binding before 
quering the helper again.


Regards
Henrik

Re: [squid-users] characters in access.log

2005-11-14 Thread Henrik Nordstrom 

On Mon, 7 Nov 2005, Administrateur wrote:


I'm using ntlm authentication and some users (french) have characters like ë,é 
in their login. In access.log this gives something like %c3%a. Does squid 
support such characters ?


Yes.

To guarantee that the resulting log file can be parsed in a meaningful 
manner any "odd" data is URL-escaped on the form %nn where nn is the 
hexadecimal value of the character.


Regards
Henrik

Re: [squid-users] TCP_MISS/000

2005-11-14 Thread Henrik Nordstrom 



On Mon, 7 Nov 2005, pat wrote:


Hi all

I am running squid 2.5 stable 11 on a freebsd box running 5.1 RELEASE.

When trying to access http://www.eibtm.com I get the following message.

1131348201.489 110218 xx.xx.xx.xx TCP_MISS/000 0 GET http://www.eibtm.com/ -
NONE/- -


TCP_MISS/000 means there was no response. Usually client aborted.

NONE/- indicates Squid could not find where to send the request. I.e. 
probably DNS related problems.



A "squid -k debug" while having the problem and requesting the failing 
site may sched some additional light on the problem (or perhaps not.. 
gives quite a handful of data to look at...)


Regards
Henrik

Re: [squid-users] Forcing cache of documents in reverse proxy

2005-11-14 Thread Henrik Nordstrom 

On Sat, 5 Nov 2005, Alex Davies wrote:


Mainly my question is there a way of telling squid to ignore any
cache-control headers and cache all content for 1 hour, with the most
common content cached in RAM and the rest cached on disk?


Not all, but you can bend the rules quite far with refresh_pattern.


Secondly, does anyone have any configuration advice for a setup such as this?


Don't. Instead fix the web server to give proper cache-control.

Regards
Henrik

RE: [squid-users] Squid unreachable every hour and 6 minutes.

2005-11-14 Thread Gix, Lilian (CI/OSR) * 
I don't know if I right saw, but I think Squid leaved the task list of
the TOP command.

Any Idea ?
PS : Cron has been stop.

Gix Lilian


-Original Message-
From: Robert Borkowski [mailto:[EMAIL PROTECTED] 
Sent: Freitag, 11. November 2005 17:44
To: Gix, Lilian (CI/OSR) *
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid unreachable every hour and 6 minutes.

Gix, Lilian (CI/OSR) * wrote:
> It's nearly what I already tried.
> 
> (1) Ok
> (2) I had : cache_dir ufs /cache 5000 16 256
> (3) mke2fs -j -c /dev/cciss/c0d0p6  (/dev/cciss/c0d0p6 is my Cache
partition)
> (3) ok
> (4) /etc/init.d squid start.
> 
> 
> The effect was exactly the same : squid stop every hour.
> 
> So I tried :
> 
> (2) changed : cache_dir ufs /cache 100 16 256
> (4) squid -k reconfigure
> 
> Same result.
> 
> Then a last sing I did :
> (1) Stop Squid
> (3) cd /cache
> rm cache.swap
> (4) Start Squid
> 
> And again ... Same result.

Can you clarify something for me? When you say every hour and 6 minutes,
do you mean squid restarts every 66 minutes, or 
  6 minutes past every hour (1:06, 2:06, 3:06)

If it's the second one, then try turning off the cron daemon about 15
minutes before the new hour
/etc/init.d/cron stop

-- 
Robert Borkowski

RE: [squid-users] characters in access.log

2005-11-14 Thread Administrateur 
Does it mean I have to replace every hexadecimal value with accented characters 
if I want to retrieve original login ?

thanks,

regards



-Message d'origine-
De : Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Envoyé : lundi 14 novembre 2005 15:53
À : Administrateur
Cc : squid-users@squid-cache.org
Objet : Re: [squid-users] characters in access.log


On Mon, 7 Nov 2005, Administrateur wrote:

> I'm using ntlm authentication and some users (french) have characters like 
> ë,é in their login. In access.log this gives something like %c3%a. Does squid 
> support such characters ?

Yes.

To guarantee that the resulting log file can be parsed in a meaningful 
manner any "odd" data is URL-escaped on the form %nn where nn is the 
hexadecimal value of the character.

Regards
Henrik

[squid-users] trying to understand squid_ldap_group

2005-11-14 Thread Andreas Bittner 
Hello squid users,

im trying to figure out how the squid_ldap_auth and squid_ldap_group
stuff works, and im kinda new to ldap. i like to setup and understand a
very basic setup.

i read through a number of postings on the list, and also some webpages,
for example: 

just a few users in different groups, and wanting to allow certain users
http access:

my problem of understanding is basically, if i have a simple company
(ldap tree) like on that page, with three groups, it-services, sales and
management, how do i create a group that is allowed to surf the google
pages. i somehow cant figure out what the ldap tree is going to look
like then?

also do i need to use both the squid_ldap_auth and squid_ldap_group
(most of the postings i found, indicate so, but i dont understand why,
as both squid_ldap_auth and squid_ldap_group both authenticate
themselves to the ldap server)

i dont quite understand what the author of the page means by
> A group is just a list of dinstiguished names

any hints?

how does the squid_ldap_group program actually check if the user that is
http-authenticating against the squid belongs to this set of
distinguished names? do i need to add the users tim and tina somehow to
the ldap tree in cn=googleallowed,ou=Proxygroups,o=Company? what does
the ldap tree look like as whole for this example from that page?

Thanks for helping to figure it out.
Best regards.

RE: [squid-users] characters in access.log

2005-11-14 Thread Henrik Nordstrom 

On Mon, 14 Nov 2005, Administrateur wrote:


Does it mean I have to replace every hexadecimal value with accented characters 
if I want to retrieve original login ?


Yes.

Regards
Henrik

RE: [squid-users] Squid unreachable every hour and 6 minutes.

2005-11-14 Thread Gix, Lilian (CI/OSR) * 
Hello,

So, I confirm, my squid died: it leaved TOP list and get a new PID.

What could be the reason?
I saw another task running with Squid User: UNLINKD.
Could it be the reason ?

Gix Lilian


-Original Message-
From: Robert Borkowski [mailto:[EMAIL PROTECTED] 
Sent: Freitag, 11. November 2005 17:44
To: Gix, Lilian (CI/OSR) *
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid unreachable every hour and 6 minutes.

Gix, Lilian (CI/OSR) * wrote:
> It's nearly what I already tried.
> 
> (1) Ok
> (2) I had : cache_dir ufs /cache 5000 16 256
> (3) mke2fs -j -c /dev/cciss/c0d0p6  (/dev/cciss/c0d0p6 is my Cache
partition)
> (3) ok
> (4) /etc/init.d squid start.
> 
> 
> The effect was exactly the same : squid stop every hour.
> 
> So I tried :
> 
> (2) changed : cache_dir ufs /cache 100 16 256
> (4) squid -k reconfigure
> 
> Same result.
> 
> Then a last sing I did :
> (1) Stop Squid
> (3) cd /cache
> rm cache.swap
> (4) Start Squid
> 
> And again ... Same result.

Can you clarify something for me? When you say every hour and 6 minutes,
do you mean squid restarts every 66 minutes, or 
  6 minutes past every hour (1:06, 2:06, 3:06)

If it's the second one, then try turning off the cron daemon about 15
minutes before the new hour
/etc/init.d/cron stop

-- 
Robert Borkowski

Re: [squid-users] trying to understand squid_ldap_group

2005-11-14 Thread Henrik Nordstrom 

On Mon, 14 Nov 2005, Andreas Bittner wrote:


im trying to figure out how the squid_ldap_auth and squid_ldap_group
stuff works, and im kinda new to ldap. i like to setup and understand a
very basic setup.


squid_ldap_auth verifies the users password by trying to log in to the 
LDAP directory using the user supplied password.


squid_ldap_group checks if the user is member of a given group by 
searching for the membership in the LDAP directory.



my problem of understanding is basically, if i have a simple company
(ldap tree) like on that page, with three groups, it-services, sales and
management, how do i create a group that is allowed to surf the google
pages. i somehow cant figure out what the ldap tree is going to look
like then?



Do you need an additional group, or can you construct your criteria based 
on the existing groups?



also do i need to use both the squid_ldap_auth and squid_ldap_group


yes, most likely.



i dont quite understand what the author of the page means by
A group is just a list of dinstiguished names


This is an LDAP term.

In LDAP everything (user, group, computer, company, table, spoon, office, 
chair, whatever) has a dinstiguished name which identifies the object 
within the LDAP tree. Normally groups in LDAP is constructing by listing 
the objects which are member of the group by their dinstiguished name.


  DN: CN=SomeGroup, OU=Engineering, DC=company, DC=com
  CN: Some Group
  objectClass: groupOfNames
  member: CN=Some User, OU=Engineering, DC=company, DC=com
  member: CN=Another User, OU=Engineering, DC=company, DC=com

Other ways also exists. LDAP is just an standard on how to access 
directory data, not how it should be organized. Another quite common 
method is to list the members by their login name, not caring that much 
for the LDAP structure of things.


squid_ldap_group requires that the group object lists it's members either 
by the login name, or by the corresponding user objects dinstiguished 
names.


Regards
Henrik

RE: AW: [squid-users] Squid unreachable every hour and 6 minutes.

2005-11-14 Thread Gix, Lilian (CI/OSR) * 
Hello,

Do you have some name for such software ?

Thanks

Gix Lilian


-Original Message-
From: Dave Raven [mailto:[EMAIL PROTECTED] 
Sent: Freitag, 11. November 2005 17:16
To: Gix, Lilian (CI/OSR) *; squid-users@squid-cache.org
Subject: RE: AW: [squid-users] Squid unreachable every hour and 6
minutes.

Run squid under some sort of trace program - you'll need to see whats
causing it to crash... 

-Original Message-
From: Gix, Lilian (CI/OSR) * [mailto:[EMAIL PROTECTED] 
Sent: 11 November 2005 09:45 AM
To: Serassio Guido; Chris Robertson; squid-users@squid-cache.org
Subject: RE: AW: [squid-users] Squid unreachable every hour and 6
minutes.

Hello,

Webalizer is a software to create some statistic on squid Log files.

But even if I disable it, I didn't see any difference. Restart
continues.

L.G.


-Original Message-
From: Serassio Guido [mailto:[EMAIL PROTECTED]
Sent: Freitag, 11. November 2005 08:36
To: Chris Robertson; squid-users@squid-cache.org
Subject: RE: AW: [squid-users] Squid unreachable every hour and 6
minutes.

Hi,

At 19.53 10/11/2005, Chris Robertson wrote:
> > > 0 0 * * * /etc/webmin/webalizer/webalizer.pl
> > /cache_log/access.log
> >
> > What is the content of webalizer.pl ?
> >
> > Regards
> >
> > Guido
> >
> >
>
>Does it matter? It only runs once per day (at midnight).

It's the only custom script related to squid present on crontab, so why
don't check it when squid is still doing unexpected things ? It's a work
of
half minute 

Regards

Guido



-

Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1   10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135  Fax. : +39.011.9781115
Email: [EMAIL PROTECTED]
WWW: http://www.acmeconsulting.it/

RE: [squid-users] Squid unreachable every hour and 6 minutes.

2005-11-14 Thread Gix, Lilian (CI/OSR) * 
Hello,

Squid stop 6 minutes past every hour (1:06, 2:06, 3:06)
I stopped cron, and the problem still here 

Gix Lilian


-Original Message-
From: Robert Borkowski [mailto:[EMAIL PROTECTED] 
Sent: Freitag, 11. November 2005 17:44
To: Gix, Lilian (CI/OSR) *
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid unreachable every hour and 6 minutes.

Gix, Lilian (CI/OSR) * wrote:
> It's nearly what I already tried.
> 
> (1) Ok
> (2) I had : cache_dir ufs /cache 5000 16 256
> (3) mke2fs -j -c /dev/cciss/c0d0p6  (/dev/cciss/c0d0p6 is my Cache
partition)
> (3) ok
> (4) /etc/init.d squid start.
> 
> 
> The effect was exactly the same : squid stop every hour.
> 
> So I tried :
> 
> (2) changed : cache_dir ufs /cache 100 16 256
> (4) squid -k reconfigure
> 
> Same result.
> 
> Then a last sing I did :
> (1) Stop Squid
> (3) cd /cache
> rm cache.swap
> (4) Start Squid
> 
> And again ... Same result.

Can you clarify something for me? When you say every hour and 6 minutes,
do you mean squid restarts every 66 minutes, or 
  6 minutes past every hour (1:06, 2:06, 3:06)

If it's the second one, then try turning off the cron daemon about 15
minutes before the new hour
/etc/init.d/cron stop

-- 
Robert Borkowski

[squid-users] Squid authentication through LDAP

2005-11-14 Thread wlagmay 


Hi all,

 I was able to setup squid with basic_ncsa authentication, the only problem I'm
encountering with basic_ncsa, everytime a user opens a new browser the squid
always requires a username and password.

 Im just wondering if this problem will be solve by LDAP authentication? Also
can you anybody redirect me to the most complete and simple installation and
configuration site of LDAP?

thank you very much,

Wennie

Re: [squid-users] Long Query String results in Invalid response

2005-11-14 Thread Matus UHLAR - fantomas 
On 13.11 13:40, Sears, Shawn wrote:
> I thought you said to tweak the request_header_max_size? 

I wasn't sure if you have the old default of 10 kB or the new default of
20kB (or probably other too small value). 20 kB is enough and according to
its description in squid.conf it should be enough.

> I have tried multiple browsers on multiple operating systems.

> > This is the message I recieve in the browser from Squid.   I turned the
> > debuging up to 9 and didn't see any glaring errors. Is ther something I
> > should be looking for?

if squid returned an error message, there should be something in cache.log.
don't you have any parent proxy upstream?

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."

Re: [squid-users] Squid Partitions ...

2005-11-14 Thread Matus UHLAR - fantomas 
On 14.11 11:05, Gilles ROUTIER wrote:
> Does Y have it a utility to use two partitions of cache on Squid?

Y? 
  
> Of type /cache1 /cache2 ?
> 
> Or is only one partition enough it ?

If it's one real disk drive, use only one partition for the cache.
If there are 2 drives, using two separate cache_dir'sis recommended over it.

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Save the whales. Collect the whole set.

Re: [squid-users] Squid authentication through LDAP

2005-11-14 Thread Christoph Haas 
On Monday 14 November 2005 12:29, [EMAIL PROTECTED] wrote:
>  I was able to setup squid with basic_ncsa authentication, the only
> problem I'm encountering with basic_ncsa, everytime a user opens a new
> browser the squid always requires a username and password.

That's the way authentication works. The credentials are only kept while 
one browser window is open. If you close your browser and open it again it 
does not know your login credentials any longer and has to ask again.

>  Im just wondering if this problem will be solve by LDAP authentication?

No. Unless you have Windows clients and have the possibility to use NTLM 
authentication you will always have to authenticate. In the case of NTLM 
this is done by passing through your login credentials.

> Also can you anybody redirect me to the most complete and simple
> installation and configuration site of LDAP?

LDAP is just a protocol. You need a backend directory that you query 
through LDAP. If you don't have such a directory yet then take a look at 
OpenLDAP.

Also see: http://workaround.org/moin/SquidLdap

 Christoph
-- 
~
~
~
".signature" [Modified] 3 lines --100%--3,41 All

[squid-users] Log File Parsing Advice Needed

2005-11-14 Thread Vadim Pushkin 

hello.

I am looking for a tool to parse my squid files on a sparc/solaris server.  
I am unable to install any sort of http server so I my choices are limited 
from what I can tell.


Can anyone recommend a tool for creating files that I could download and 
view elsewhere? (i.e., not the squid server, unless it is a text based 
report).


AFAIK, sarg requires apache too, no?

thank you,

.vp

  Vadim Anatoly Pushkin
-- The Ukranian Stallion --

Re: [squid-users] Log File Parsing Advice Needed

2005-11-14 Thread Roger 
Calamaris can do a cli parsing of log files.  Default is to output to
screen, but could be used to output to a file.  It also has an HTML
format output. 

Around Mon, Nov 14, 2005 at 06:44:12PM +,  Vadim Pushkin, wrote:
> hello.
> 
> I am looking for a tool to parse my squid files on a sparc/solaris server.  
> I am unable to install any sort of http server so I my choices are limited 
> from what I can tell.
> 
> Can anyone recommend a tool for creating files that I could download and 
> view elsewhere? (i.e., not the squid server, unless it is a text based 
> report).
> 
> AFAIK, sarg requires apache too, no?
> 
> thank you,
> 
> .vp
> 
>   Vadim Anatoly Pushkin
> -- The Ukranian Stallion --
> 
> 

-- 
Roger Morris
687-3579
[EMAIL PROTECTED]

Re: [squid-users] Log File Parsing Advice Needed

2005-11-14 Thread Kevin 
On 11/14/05, Vadim Pushkin <[EMAIL PROTECTED]> wrote:
> I am looking for a tool to parse my squid files on a sparc/solaris server.
> I am unable to install any sort of http server so I my choices are limited
> from what I can tell.
>
> Can anyone recommend a tool for creating files that I could download and
> view elsewhere? (i.e., not the squid server, unless it is a text based
> report).

Calamaris can produce a plaintext report.

You could use a trick to have Squid itself serve up a HTML report as
an internal document, but this would be a hack at best, and it could
be tricky to force Squid to refresh the internal document when you
generate a new report...

Kevin Kadow

RE: [squid-users] Squid mishandling certain kinds of media types

2005-11-14 Thread Gary Buckmaster 
Yep, sure enough.  An unfortunate entry in a squidguard expressions file was
rendering all media elements URLS as block items.  Thanks very much for that
pointer.

-Gary

-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: Monday, November 14, 2005 8:10 AM
To: Gary Buckmaster
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid mishandling certain kinds of media
types




On Fri, 11 Nov 2005, Gary Buckmaster wrote:

> I have a single squid box running FreeBSD that is behaving very strangely.
> With certain types of media files, most notably mp3, ra and wmv files,
squid
> lists them as mime type text/html.

Are you prehaps using a redirector blocking access to these files?

DIRECT/10.0.1.3 says that the URL was fetched from the server with address
10.0.1.3.  This does not match the address of the host in the URL so I
strongly suspect there is a redirector rewriting the requested URL.

Regards
Henrik

Re: [squid-users] Log File Parsing Advice Needed

2005-11-14 Thread Vadim Pushkin 

thank you kevin.

i was not sure what the status with calamaris was, i downloaded it but it 
appears to need some extra perl-mods that i did not have.  i will download 
them and try again.


thank you.

.vp


From: Kevin <[EMAIL PROTECTED]>
To: squid-users@squid-cache.org
CC: Vadim Pushkin <[EMAIL PROTECTED]>
Subject: Re: [squid-users] Log File Parsing Advice Needed
Date: Mon, 14 Nov 2005 12:59:25 -0600
MIME-Version: 1.0
Received: from squid-cache.org ([206.168.0.9]) by mc7-f33.hotmail.com with 
Microsoft SMTPSVC(6.0.3790.211); Mon, 14 Nov 2005 11:02:03 -0800

Received: (qmail 99318 invoked by uid 1007); 14 Nov 2005 18:59:25 -
Received: (qmail 99306 invoked from network); 14 Nov 2005 18:59:25 -
X-Message-Info: JGTYoYF78jEHjJx36Oi8+Z3TmmkSEdPtfpLB7P/ybN8=
Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
Precedence: bulk
List-Post: 
List-Help: 
List-Unsubscribe: 
List-Subscribe: 
Delivered-To: mailing list squid-users@squid-cache.org
References: <[EMAIL PROTECTED]>
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 14 Nov 2005 19:02:04.0335 (UTC) 
FILETIME=[E6C4FBF0:01C5E94D]


On 11/14/05, Vadim Pushkin <[EMAIL PROTECTED]> wrote:
> I am looking for a tool to parse my squid files on a sparc/solaris 
server.
> I am unable to install any sort of http server so I my choices are 
limited

> from what I can tell.
>
> Can anyone recommend a tool for creating files that I could download and
> view elsewhere? (i.e., not the squid server, unless it is a text based
> report).

Calamaris can produce a plaintext report.

You could use a trick to have Squid itself serve up a HTML report as
an internal document, but this would be a hack at best, and it could
be tricky to force Squid to refresh the internal document when you
generate a new report...

Kevin Kadow

Re: [squid-users] trying to understand squid_ldap_group

2005-11-14 Thread Andreas Bittner 
Henrik Nordstrom wrote:
> squid_ldap_group checks if the user is member of a given group by
> searching for the membership in the LDAP directory.

i think this step is my problem. how do i tell the squid_ldap_group the
group it should actually check the HTTP-AUTHenticated user against?

>   DN: CN=SomeGroup, OU=Engineering, DC=company, DC=com
>   CN: Some Group
>   objectClass: groupOfNames
>   member: CN=Some User, OU=Engineering, DC=company, DC=com
>   member: CN=Another User, OU=Engineering, DC=company, DC=com

ok, so for the example on the page
 i have created the ldif:

DN: CN=googleallowed, OU=Proxygroups, DC=company
CN: googleallowed
objectClass: groupOfNames
member: CN=Tim, OU=IT-Services, DC=company
member: CN=Tina, OU=Management, DC=company

is this correct? so when i first try to surf the web, my browser comes
up with a username/password http-authentication window. if i enter
Tim/Timspassword there, the the squid_ldap_group should check in the
LDAP-Database if Tim belongs to a certain group.

But how do i tell the program which group i want?

what does the %a parameter mean in here exactly, or rather where does it
come from and with what does it get filled?

> external_acl_type ldapgroup %LOGIN /usr/lib/squid/squid_ldap_group -b 
> o=Company
>-f 
> (&(objectclass=person)(cn=%v)(groupMembership=cn=%a,ou=Proxygroups,o=Company))
>-D cn=Tim,ou=IT-Services,o=Company -w timspassword -h ldapserver

the %LOGIN is the username "Tim" which i enter in my browser, also the
parameter %v, but how does it select the actual group where i want to
check if "CN=Tim, OU=IT-Services, DC=company" actually is a member?

I have to submit the groupname "googlegroups" somehow, but i am missing
this step

or does the acl line:

> acl ldapgroup-googleallowed external ldapgroup googleallowed

does this very checking against the groupd "googleallowed"? since it's
using ldapgroup which again derives from external_acl_typ ldapgroup
%LOGIN

Thanks already.
Regards.

re: [squid-users] identification without login

2005-11-14 Thread bernhard wiz 
On Fri, 14 Nov 2005, henrik nordstrom wrote:

> Users identifying themselves by which proxy name they have configured in
> their browser?

exactly.

> The proxy can not know what name the client used to resolve the address of
> the proxy. All the proxy knows is which IP address (and port) the client
> connection was accepted on. It can do a reverse-lookup to find what single
> host name is registered in the DNS reverse zone for that IP, but I do not
> think this will help you much.

would it works if the subdomains for the proxy are listed in the
zone-file of the dns-server?

imho it is possible to make virtual hosts with apache for every single
subdomain. i don't know if it slows down the apache server alot if i
have 1000 different virtual hosts in my config, but it seems to be the
only way to identify my proxy-users without authentification or on the
basis of different ports.
i thought there could be a more efficiently way to do this with squid.

-- 
lg bernhard

re: [squid-users] identification without login

2005-11-14 Thread bernhard wiz 
> On Fri, 14 Nov 2005, bernhard wiz wrote:

>> The proxy can not know what name the client used to resolve the address of
>> the proxy. All the proxy knows is which IP address (and port) the client
>> connection was accepted on. It can do a reverse-lookup to find what single
>> host name is registered in the DNS reverse zone for that IP, but I do not
>> think this will help you much.

> would it works if the subdomains for the proxy are listed in the
> zone-file of the dns-server?

it seems i was mistaken. i could not find a way to have more than one
proxy on an ip. thanks that you referred me to it.

-- 
lg bernhard

[squid-users] Too few authenticator processes are running

2005-11-14 Thread Matt Alexander 
We have a RedHat 7.2 box running squid-2.4.STABLE1-6.  Today we started 
getting these errors in /var/log/messages:


(squid): Too few authenticator processes are running
squid[26701]: Squid Parent: child process 5208 exited with status 1
dansguardian: Error connecting to proxy


In the cache.log, we get squid restarting about once a minute:

(squid_ldap_auth): error.c:221: ldap_parse_result: Assertion `r != 
((void *)0)' failed.

2005/11/14 20:35:09| WARNING: authenticator #1 (FD 26) exited
2005/11/14 20:35:09| storeLateRelease: released 0 objects
(squid_ldap_auth): error.c:221: ldap_parse_result: Assertion `r != 
((void *)0)' failed.

2005/11/14 20:35:11| WARNING: authenticator #2 (FD 27) exited
(squid_ldap_auth): error.c:221: ldap_parse_result: Assertion `r != 
((void *)0)' failed.

2005/11/14 20:35:35| WARNING: authenticator #3 (FD 28) exited
(squid_ldap_auth): error.c:221: ldap_parse_result: Assertion `r != 
((void *)0)' failed.

2005/11/14 20:35:37| WARNING: authenticator #4 (FD 29) exited
(squid_ldap_auth): error.c:221: ldap_parse_result: Assertion `r != 
((void *)0)' failed.

2005/11/14 20:39:20| WARNING: authenticator #5 (FD 30) exited
(squid_ldap_auth): error.c:221: ldap_parse_result: Assertion `r != 
((void *)0)' failed.

2005/11/14 20:49:21| WARNING: authenticator #6 (FD 31) exited
[EMAIL PROTECTED] squid]# -DEN> tail -100 cache.log
2005/11/14 20:34:23| WARNING: authenticator #3 (FD 28) exited
(squid_ldap_auth): error.c:221: ldap_parse_result: Assertion `r != 
((void *)0)' failed.

2005/11/14 20:34:28| WARNING: authenticator #4 (FD 29) exited
(squid_ldap_auth): error.c:221: ldap_parse_result: Assertion `r != 
((void *)0)' failed.

2005/11/14 20:34:28| WARNING: authenticator #5 (FD 30) exited
(squid_ldap_auth): error.c:221: ldap_parse_result: Assertion `r != 
((void *)0)' failed.

2005/11/14 20:34:33| WARNING: authenticator #6 (FD 31) exited
(squid_ldap_auth): error.c:221: ldap_parse_result: Assertion `r != 
((void *)0)' failed.

2005/11/14 20:34:33| WARNING: authenticator #7 (FD 32) exited
(squid_ldap_auth): error.c:221: ldap_parse_result: Assertion `r != 
((void *)0)' failed.

2005/11/14 20:34:38| WARNING: authenticator #8 (FD 33) exited
(squid_ldap_auth): error.c:221: ldap_parse_result: Assertion `r != 
((void *)0)' failed.

2005/11/14 20:34:38| WARNING: authenticator #9 (FD 34) exited
(squid_ldap_auth): error.c:221: ldap_parse_result: Assertion `r != 
((void *)0)' failed.

2005/11/14 20:34:40| WARNING: authenticator #10 (FD 35) exited
(squid_ldap_auth): error.c:221: ldap_parse_result: Assertion `r != 
((void *)0)' failed.

2005/11/14 20:34:43| WARNING: authenticator #11 (FD 36) exited
2005/11/14 20:34:43| storeDirWriteCleanLogs: Starting...
2005/11/14 20:34:43| 65536 entries written so far.
2005/11/14 20:34:43|131072 entries written so far.
2005/11/14 20:34:43|196608 entries written so far.
2005/11/14 20:34:43|262144 entries written so far.
2005/11/14 20:34:43|327680 entries written so far.
2005/11/14 20:34:43|393216 entries written so far.
2005/11/14 20:34:43|458752 entries written so far.
2005/11/14 20:34:44|524288 entries written so far.
2005/11/14 20:34:44|589824 entries written so far.
2005/11/14 20:34:44|655360 entries written so far.
2005/11/14 20:34:44|   Finished.  Wrote 665962 entries.
2005/11/14 20:34:44|   Took 1.0 seconds (667070.0 entries/sec).
FATAL: Too few authenticator processes are running
Squid Cache (Version 2.4.STABLE1): Terminated abnormally.
CPU Usage: 22.240 seconds = 9.850 user + 12.390 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 361
Memory usage for squid via mallinfo():
  total space in arena:   65102 KB
  Ordinary blocks:65072 KB 15 blks
  Small blocks:   0 KB  0 blks
  Holding blocks:   568 KB  3 blks
  Free Small blocks:  0 KB
  Free Ordinary blocks:  30 KB
  Total in use:   65640 KB 101%
  Total free:30 KB 0%
2005/11/14 20:34:47| Starting Squid Cache version 2.4.STABLE1 for 
i386-redhat-linux-gnu...



Any ideas as to what might have happened?  Here's the squid.conf:

icp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
maximum_object_size 25600 KB
cache_dir ufs /squidcache 9500 16 256
ftp_user [EMAIL PROTECTED]
redirect_program /usr/local/bin/squidGuard
redirect_children 20
authenticate_program /usr/lib/squid/squid_ldap_auth -u cn -b 
dc=domain,dc=com -s sub -D cn=squid,ou=dept,dc=domain,dc=com -w squid -f 
(&(memberof=CN=internet,cn=users,dc=domain,dc=com)(samaccountname=%s)) 
server.domain.com

authenticate_children 20
authenticate_ttl 8 hour
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl manager proto cache_object
http_access allow manager localhost
acl SSL_ports port 443 444 563 2346 8443
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 444 563 # https, snews
acl Safe_po

[squid-users] mime / header in log files

2005-11-14 Thread Brent Clark 

HI all

Ive been dambling in looking at the squid logs and seeing what various client 
spew out.

[User-Agent: Skype%99 1.4\r\nHost: ui.skype.com\r\nCache-Control: no-cache\r\n]

[User-Agent: Trillian/70 (Windows; I; 32-bit)\r\n]

So for those out there, I think its safe to say, you cant deny based on the 
client used, for e.g. MSN, skype etc.


But what I find interesting is that when I use Limewire, (Limewire was 
configured to use a proxy), I see the following

1131984629.391 344902 192.168.111.213 TCP_MISS/200 3213 CONNECT 
66.65.39.72:6348 - DIRECT/66.65.39.72 - [] []

So my question, why would a client need / want to disguise its self, and do you not think it would be avisable / safe 
to deny based on no client declaration been given. I sure this can help stop limewire etc.


Just something I was thinking.

Kind Regards
Brent Clark

Re: [squid-users] trying to understand squid_ldap_group

2005-11-14 Thread Ghislain Garcon 
Andreas Bittner wrote :

>Henrik Nordstrom wrote:
>  
>
>>squid_ldap_group checks if the user is member of a given group by
>>searching for the membership in the LDAP directory.
>>
>>
>
>i think this step is my problem. how do i tell the squid_ldap_group the
>group it should actually check the HTTP-AUTHenticated user against?
>
>  
>
>>  DN: CN=SomeGroup, OU=Engineering, DC=company, DC=com
>>  CN: Some Group
>>  objectClass: groupOfNames
>>  member: CN=Some User, OU=Engineering, DC=company, DC=com
>>  member: CN=Another User, OU=Engineering, DC=company, DC=com
>>
>>
>
>ok, so for the example on the page
> i have created the ldif:
>
>DN: CN=googleallowed, OU=Proxygroups, DC=company
>CN: googleallowed
>objectClass: groupOfNames
>member: CN=Tim, OU=IT-Services, DC=company
>member: CN=Tina, OU=Management, DC=company
>
>is this correct? so when i first try to surf the web, my browser comes
>up with a username/password http-authentication window. if i enter
>Tim/Timspassword there, the the squid_ldap_group should check in the
>LDAP-Database if Tim belongs to a certain group.
>
>But how do i tell the program which group i want?
>
>  
>
As a parameter of the ACL :

external_acl_type ldap_group %LOGIN /path/to/squid_ldap_group ...

acl group1 external ldap_group Group1

acl group2 external ldap_group Group2

With this declaration, the first argument passed to the helper is the
LOGIN and the second is the Group to match. This is what the helper is
waiting for.
Then, %v in the example of Henrik will be replaced by the %LOGIN value
and the %a will be replaced by the group given in the ACL declaration.

>what does the %a parameter mean in here exactly, or rather where does it
>come from and with what does it get filled?
>
>  
>
>>external_acl_type ldapgroup %LOGIN /usr/lib/squid/squid_ldap_group -b 
>>o=Company
>>   -f 
>> (&(objectclass=person)(cn=%v)(groupMembership=cn=%a,ou=Proxygroups,o=Company))
>>   -D cn=Tim,ou=IT-Services,o=Company -w timspassword -h ldapserver
>>
>>
>
>the %LOGIN is the username "Tim" which i enter in my browser, also the
>parameter %v, but how does it select the actual group where i want to
>check if "CN=Tim, OU=IT-Services, DC=company" actually is a member?
>
>I have to submit the groupname "googlegroups" somehow, but i am missing
>this step
>
>or does the acl line:
>
>  
>
This is the query search after the "-f" which must link the Login and
the Group (RFC 2254).

>>acl ldapgroup-googleallowed external ldapgroup googleallowed
>>
>>
>
>does this very checking against the groupd "googleallowed"? since it's
>using ldapgroup which again derives from external_acl_typ ldapgroup
>%LOGIN
>
>  
>
See above.

>Thanks already.
>Regards.
>  
>
Regards.

Ghislain Garçon