On Thu, 2006-12-14 at 08:47 +0100, Axel Westerhold wrote: > There is one more change I am currently testing. The > problem with this patch: > > It does not follow any ICAP document but only enables squid to get rid of > the DOMAIN part frpm an NTLM Auth so I can use the result string as a query > on samaccountname. Would it be possible to add this too ?
I assume we talking about modifying the authenticated client username, passed via the icap_client_username_header to the ICAP server. I believe the right thing to do here is similar to what Jeremy Hall did with the icap_auth_scheme in http://www.squid-cache.org/mail-archive/squid-dev/200611/0066.html I would suggest to add an "icap_authenticated_user_header_value" option that takes a string with the following supported substitutions: %U -- complete username, as is %N -- username without the domain part %% -- percent I think we do not need a default value here, but would not object to "Local://%U" if somebody insists on having a default. The current "icap_client_username_header" option should be renamed to "icap_authenticated_user_header_name". The current "icap_client_username_encode" option should be renamed to "icap_authenticated_user_header_encode". "On" should be the default, I guess. The three icap_authenticated_user_* options can be merged into one multivalued option: icap_authenticated_user_header [<name>":"] [<encoding>"("] <value> [")"] For example, icap_authenticated_user_header X-Authenticated-User: base64(Local://%U) or icap_authenticated_user_header identity(%N) Thank you, Alex. > Am 14.12.2006 6:25 Uhr schrieb "Alex Rousskov" unter > <[EMAIL PROTECTED]>: > > > On Mon, 2006-12-04 at 12:57 +0100, Axel Westerhold wrote: > >> Hi everyone, > >> > >> Second try this time hopefully complete. > >> > >> This is again patched against Squid 3 HEAD and includes 4 changes I would > >> like to have when working with webwasher/squid systems. > >> > >> > >> A.) ICAPServiceRep::TheSessionFailureLimit set through squid.conf > >> B.) ICAPServiceRep delay for a down service set through squid.conf > >> C.) Instead of hardcoding the Header used to transfer the username being > >> able to set the used one through squid.conf > >> D.) When using X-Authenticated-User in C I need the username to be base64 > >> encoded so I added another option to turn on encoding if needed. > > > > The above changes, with minor modifications are now committed to > > squid3-icap branch. The corresponding patch is attached. > > > > I took the liberty to rename some of your new squid.conf options as well > > as polish squid.conf comments and code. A negative value for the > > icap_service_failure_limit disables the limit feature. > > > > Please test and let me know whether any further changes are needed. > > > > Thank you, > > > > Alex. > > >
