The config you have is doing client-first bumping (bump at step). It happens before the real cert or server details are available. As such any number of TLS features or extensions may be missing (or added) by squid that indicate problems to the browser.If you can use a config the peek/stare/splice
The issue is many layers of caching and interdependent data.Once the auth backend system is producing the right output the group helper cache needs to expire, then lookups by that helper will be correct.Then all the tcp connections holding onto that users credentials need to close. Only once all
Have You tried to use external_acl_type for group membership checks?
Something like this should do the trick:
external_acl_type ad_group_member_check ttl=120 %LOGIN
/usr/lib/squid/ext_ldap_group_acl -d -R -K -S -b "dc=ng,dc=tech" -D
sq...@ng.tech -W /etc/squid/ldappass.txt -f
On 1/20/21 3:21 PM, John Zhu wrote:
> I implemented ICAP in java. I have questions regarding the “data
> trickling” to handle slow response for large file scanning from ICAP.
> 1) Java libraries available for data trickling at ICAP side, if any?
FWIW, implementing a production ICAP server from
