Commit | Line | Data |
---|---|---|
a2c8080d AJ |
1 | .if !'po4a'hide' .TH ext_edirectory_userip_acl 8 |
2 | . | |
3 | .SH NAME | |
4 | .if !'po4a'hide' .B ext_edirectory_userip_acl | |
5 | .if !'po4a'hide' \- | |
6 | Squid eDirectory IP Lookup Helper | |
7 | .PP | |
8 | Version 2.0 | |
9 | . | |
10 | .SH SYNOPSIS | |
11 | .if !'po4a'hide' .B ext_edirectory_userip_acl | |
12 | .if !'po4a'hide' .B "[\-h | \-\-help | \-\-usage]" | |
13 | .if !'po4a'hide' .br | |
14 | .if !'po4a'hide' .B ext_edirectory_userip_acl | |
15 | .if !'po4a'hide' .B \-H " | |
16 | host | |
17 | .if !'po4a'hide' .B "\-p " | |
18 | port | |
19 | .if !'po4a'hide' .B "[\-Z] [\-P] [\-v " | |
20 | LDAP version | |
21 | .if !'po4a'hide' .B "] \-b " | |
22 | basedn | |
23 | .if !'po4a'hide' .B "\-s " | |
24 | scope | |
25 | .if !'po4a'hide' .B "\-D " | |
26 | binddn | |
27 | .if !'po4a'hide' .B "\-W " | |
28 | bindpass | |
29 | .if !'po4a'hide' .B "\-F " | |
30 | filter | |
31 | .if !'po4a'hide' .B "[\-G]" | |
32 | . | |
33 | .SH DESCRIPTION | |
34 | .B ext_edirectory_userip_acl | |
35 | is an installed binary. | |
36 | .PP | |
37 | This program has been written in order to solve the problems associated with running the Perl | |
38 | .B squid_ip_lookup.pl | |
39 | as a squid external helper. | |
40 | .PP | |
41 | The limitations of the Perl script involved memory/cpu utilization, speed, the lack | |
42 | of eDirectory 8.8 support, and the lack of IPv6 support. | |
43 | . | |
44 | .SH OPTIONS | |
45 | .if !'po4a'hide' .TP 12 | |
46 | .if !'po4a'hide' .B "\-4" | |
47 | Force Addresses to be in IPv4 (0.0.0.0 format). | |
48 | . | |
49 | .if !'po4a'hide' .TP | |
50 | .if !'po4a'hide' .B "\-6" | |
51 | Force Addresses to be in IPv6 (:: format). | |
52 | . | |
53 | .if !'po4a'hide' .TP | |
54 | .if !'po4a'hide' .BI \-b " base" | |
55 | Specify | |
56 | .B base | |
57 | DN. For example: | |
58 | .B o=ORG | |
59 | . | |
60 | .if !'po4a'hide' .TP | |
61 | .if !'po4a'hide' .B \-d | |
62 | Write debug info to stderr. | |
63 | . | |
64 | .if !'po4a'hide' .TP | |
65 | .if !'po4a'hide' .BI \-D " binddn" | |
66 | Specify binding DN. For example: | |
67 | .B "cn=squid,o=ORG" | |
68 | . | |
69 | .if !'po4a'hide' .TP | |
70 | .if !'po4a'hide' .BI \-F " filter" | |
71 | Specify LDAP search filter. For example: | |
72 | .B "(objectClass=User)" | |
73 | . | |
74 | .if !'po4a'hide' .TP | |
75 | .if !'po4a'hide' .B "\-G" | |
76 | Specify if LDAP search group is required. For example: | |
77 | .B groupMembership= | |
78 | . | |
79 | .if !'po4a'hide' .TP | |
80 | .if !'po4a'hide' .B "\-h | \-\-help | \-\-usage" | |
81 | Display the binary help and command line syntax info using stderr. | |
82 | . | |
83 | .if !'po4a'hide' .TP | |
84 | .if !'po4a'hide' .BI \-H " host" | |
85 | Specify hostname or IP of server. | |
86 | . | |
87 | .if !'po4a'hide' .TP | |
88 | .if !'po4a'hide' .BI \-p " port" | |
89 | Port number. | |
90 | . | |
91 | .if !'po4a'hide' .TP | |
92 | .if !'po4a'hide' .B "\-P" | |
93 | Use persistent connections. | |
94 | . | |
95 | .if !'po4a'hide' .TP | |
96 | .if !'po4a'hide' .BI \-t " seconds" | |
97 | Timeout factor for persistent connections. Set to | |
98 | .B 0 | |
99 | for never timeout. Default is | |
100 | .B 60 | |
101 | seconds. | |
102 | . | |
103 | .if !'po4a'hide' .TP | |
104 | .if !'po4a'hide' .BI \-s " base|one|sub" | |
105 | Search scope. Defaults to | |
106 | .B sub | |
107 | .IP | |
108 | .B base | |
109 | object only, | |
110 | .IP | |
111 | .B one | |
112 | level below the base object or | |
113 | .IP | |
114 | .BR sub tree | |
115 | below the base object | |
116 | . | |
117 | .if !'po4a'hide' .TP | |
118 | .if !'po4a'hide' .BI \-u " attribute" | |
119 | Set userid | |
120 | .B attribute . | |
121 | Default is | |
122 | .B cn | |
123 | . | |
124 | .if !'po4a'hide' .TP | |
125 | .if !'po4a'hide' .BI \-v " 1|2|3" | |
126 | Set LDAP | |
127 | .B version | |
128 | . | |
129 | .if !'po4a'hide' .TP | |
130 | .if !'po4a'hide' .B "\-V" | |
131 | Display version information and exit. | |
132 | . | |
133 | .if !'po4a'hide' .TP | |
134 | .if !'po4a'hide' .BI \-W " password" | |
135 | Specify binding | |
136 | .B password | |
137 | . | |
138 | .if !'po4a'hide' .TP | |
139 | .if !'po4a'hide' .B "\-Z" | |
140 | Enable TLS security. | |
141 | . | |
142 | .SH CONFIGURATION | |
143 | . | |
144 | .if !'po4a'hide' .RS | |
6ca7324f | 145 | .if !'po4a'hide' .B external_acl_type IPUser %SRC /usr/sbin/ext_edirectory_userip_acl |
a2c8080d | 146 | .if !'po4a'hide' .br |
6ca7324f AJ |
147 | .if !'po4a'hide' .B acl edirectory_users_allowed external IPUser cn=Internet_Allowed,ou=ORG,o=BASE |
148 | .if !'po4a'hide' .B acl edirectory_users_denied external IPUser cn=Internet_Denied,ou=ORG,o=BASE | |
a2c8080d AJ |
149 | .if !'po4a'hide' .br |
150 | .if !'po4a'hide' .B http_access deny edirectory_users_denied | |
151 | .if !'po4a'hide' .B http_access allow edirectory_users_allowed | |
152 | .if !'po4a'hide' .B http_access deny all | |
153 | .if !'po4a'hide' .RE | |
154 | .PP | |
155 | In this example, the | |
156 | .B Internet_Allowed | |
157 | and | |
158 | .B Internet_Denied | |
159 | are groups that may be used to control users' internet access, and which can also be stacked against other ACLs. | |
6ca7324f AJ |
160 | Use of the groups is optional, unless the '-G' option has been passed. Please note that you need to specify |
161 | the full LDAP object for this, as shown above. | |
a2c8080d AJ |
162 | . |
163 | .SH KNOWN ISSUES | |
164 | .PP | |
165 | IPv6 support has yet to be tested in a real IPv6 environment, but the code is in place to read IPv6 | |
166 | networkAddress fields. Please attempt this in a TESTING environment first. Please contact the author | |
167 | regarding IPv6 support development. | |
168 | . | |
169 | .PP | |
170 | There is a known issue with Novell's Client for Windows, where the 'Auto-Reconnect' feature | |
171 | does not re-populate the networkAddress field in eDirectory. It is mostly fixed by using | |
172 | version 4.91 SP3+. | |
173 | . | |
174 | .PP | |
175 | I have also experienced an issue related to using NetWare 6.5 (SP6 and lower?) and connection licensing. | |
176 | It appears that whenever a server runs low on connection licenses, it | |
177 | .I sometimes | |
178 | does not populate the networkAddress fields correctly. | |
179 | . | |
180 | .PP | |
181 | The majority of Proxy Authentication issues can be resolved by having the users | |
182 | .B reboot | |
183 | if their networkAddress is not correct, or using | |
184 | .B basic_ldap_auth | |
185 | as a fallback. Check ConsoleOne, etc. to verify their networkAddress fields when troubleshooting. | |
186 | . | |
187 | .SH AUTHOR | |
188 | This program was written by | |
189 | .if !'po4a'hide' .I Chad E. Naugle <chad.naugle@travimp.com> | |
190 | .PP | |
191 | This manual was written by | |
192 | .if !'po4a'hide' .I Chad E. Naugle <chad.naugle@travimp.com> | |
193 | .if !'po4a'hide' .I Amos Jeffries <amosjeffries@squid-cache.org> | |
194 | . | |
195 | .SH COPYRIGHT | |
ca02e0ec AJ |
196 | .PP |
197 | * Copyright (C) 1996-2014 The Squid Software Foundation and contributors | |
198 | * | |
199 | * Squid software is distributed under GPLv2+ license and includes | |
200 | * contributions from numerous individuals and organizations. | |
201 | * Please see the COPYING and CONTRIBUTORS files for details. | |
202 | .PP | |
a2c8080d AJ |
203 | This program and documentation is copyright to the authors named above. |
204 | .PP | |
205 | Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+). | |
206 | . | |
207 | .SH QUESTIONS | |
208 | Questions on the usage of this program can be sent to the | |
209 | .I Squid Users mailing list | |
210 | .if !'po4a'hide' <squid-users@squid-cache.org> | |
211 | . | |
212 | .SH REPORTING BUGS | |
213 | .PP | |
10228f68 AJ |
214 | I |
215 | .B "STRONGLY RECOMMEND" | |
216 | using the latest version of the Novell Client in all situations | |
a2c8080d | 217 | .B before |
6ca7324f AJ |
218 | seeking support! You may also need to make sure your servers have the latest service packs installed, and that |
219 | your servers are properly synchronizing partitions. | |
a2c8080d AJ |
220 | . |
221 | .PP | |
222 | Bug reports need to be made in English. | |
223 | See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. | |
224 | .PP | |
225 | Report bugs or bug fixes using http://bugs.squid-cache.org/ | |
226 | .PP | |
227 | Report serious security bugs to | |
228 | .I Squid Bugs <squid-bugs@squid-cache.org> | |
229 | .PP | |
230 | Report ideas for new improvements to the | |
231 | .I Squid Developers mailing list | |
232 | .if !'po4a'hide' <squid-dev@squid-cache.org> | |
233 | . | |
234 | .SH SEE ALSO | |
235 | .if !'po4a'hide' .BR squid "(8), " | |
236 | .if !'po4a'hide' .BR basic_ldap_auth "(8), " | |
237 | .if !'po4a'hide' .BR GPL "(7), " | |
238 | .br | |
239 | The Squid FAQ wiki | |
240 | .if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq | |
241 | .br | |
242 | The Squid Configuration Manual | |
243 | .if !'po4a'hide' http://www.squid-cache.org/Doc/config/ |