]> git.ipfire.org Git - thirdparty/squid.git/blame - helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8
projects / thirdparty / squid.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Boilerplate: update copyright blurbs on Squid helpers
[thirdparty/squid.git] / helpers / external_acl / eDirectory_userip / ext_edirectory_userip_acl.8
CommitLineData
a2c8080d
AJ		 1.if !'po4a'hide' .TH ext_edirectory_userip_acl 8
2.
3.SH NAME
4.if !'po4a'hide' .B ext_edirectory_userip_acl
5.if !'po4a'hide' \-
6Squid eDirectory IP Lookup Helper
7.PP
8Version 2.0
9.
10.SH SYNOPSIS
11.if !'po4a'hide' .B ext_edirectory_userip_acl
12.if !'po4a'hide' .B "[\-h | \-\-help | \-\-usage]"
13.if !'po4a'hide' .br
14.if !'po4a'hide' .B ext_edirectory_userip_acl
15.if !'po4a'hide' .B \-H "
16host
17.if !'po4a'hide' .B "\-p "
18port
19.if !'po4a'hide' .B "[\-Z] [\-P] [\-v "
20LDAP version
21.if !'po4a'hide' .B "] \-b "
22basedn
23.if !'po4a'hide' .B "\-s "
24scope
25.if !'po4a'hide' .B "\-D "
26binddn
27.if !'po4a'hide' .B "\-W "
28bindpass
29.if !'po4a'hide' .B "\-F "
30filter
31.if !'po4a'hide' .B "[\-G]"
32.
33.SH DESCRIPTION
34.B ext_edirectory_userip_acl
35is an installed binary.
36.PP
37This program has been written in order to solve the problems associated with running the Perl
38.B squid_ip_lookup.pl
39as a squid external helper.
40.PP
41The limitations of the Perl script involved memory/cpu utilization, speed, the lack
42of eDirectory 8.8 support, and IPv6 support.
43.
44.SH OPTIONS
45.if !'po4a'hide' .TP 12
46.if !'po4a'hide' .B "\-4"
47Force Addresses to be in IPv4 (0.0.0.0 format).
48.
49.if !'po4a'hide' .TP
50.if !'po4a'hide' .B "\-6"
51Force Addresses to be in IPv6 (:: format).
52.
53.if !'po4a'hide' .TP
54.if !'po4a'hide' .BI \-b " base"
55Specify
56.B base
57DN. For example;
58.B o=ORG
59.
60.if !'po4a'hide' .TP
61.if !'po4a'hide' .B \-d
62Write debug info to stderr.
63.
64.if !'po4a'hide' .TP
65.if !'po4a'hide' .BI \-D "binddn"
66Specify binding DN. For example;
67.B "cn=squid,o=ORG"
68.
69.if !'po4a'hide' .TP
70.if !'po4a'hide' .BI \-F " filter"
71Specify LDAP search filter. For example;
72.B "(objectClass=User)"
73.
74.if !'po4a'hide' .TP
75.if !'po4a'hide' .B "\-G"
76Specify if LDAP search group is required. For example;
77.B groupMembership=
78.
79.if !'po4a'hide' .TP
80.if !'po4a'hide' .B "\-h | \-\-help | \-\-usage"
81Display the binary help and command line syntax info using stderr.
82.
83.if !'po4a'hide' .TP
84.if !'po4a'hide' .BI \-H " host"
85Specify hostname or IP of server
86.
87.if !'po4a'hide' .TP
88.if !'po4a'hide' .BI \-p " port"
89Port number.
90.
91.if !'po4a'hide' .TP
92.if !'po4a'hide' .B "\-P"
93Use persistent connections.
94.
95.if !'po4a'hide' .TP
96.if !'po4a'hide' .BI \-t " seconds"
97Timeout factor for persistent connections. Set to
98.B 0
99for never timeout. Default is
100.B 60
101seconds.
102.
103.if !'po4a'hide' .TP
104.if !'po4a'hide' .BI -s " base|one|sub"
105search scope. Defaults to
106.B sub
107.IP
108.B base
109object only,
110.IP
111.B one
112level below the base object or
113.IP
114.BR sub tree
115below the base object
116.
117.if !'po4a'hide' .TP
118.if !'po4a'hide' .BI \-u " attribute"
119Set userid
120.B attribute .
121Default is
122.B cn
123.
124.if !'po4a'hide' .TP
125.if !'po4a'hide' .BI \-v " 1|2|3"
126Set LDAP
127.B version
128.
129.if !'po4a'hide' .TP
130.if !'po4a'hide' .B "\-V"
131Display version information and exit.
132.
133.if !'po4a'hide' .TP
134.if !'po4a'hide' .BI \-W " password"
135Specify binding
136.B password
137.
138.if !'po4a'hide' .TP
139.if !'po4a'hide' .B "\-Z"
140Enable TLS security.
141.
142.SH CONFIGURATION
143.
144.if !'po4a'hide' .RS
6ca7324f 145.if !'po4a'hide' .B external_acl_type IPUser %SRC /usr/sbin/ext_edirectory_userip_acl
a2c8080d 146.if !'po4a'hide' .br
6ca7324f
AJ		 147.if !'po4a'hide' .B acl edirectory_users_allowed external IPUser cn=Internet_Allowed,ou=ORG,o=BASE
148.if !'po4a'hide' .B acl edirectory_users_denied external IPUser cn=Internet_Denied,ou=ORG,o=BASE
a2c8080d
AJ		 149.if !'po4a'hide' .br
150.if !'po4a'hide' .B http_access deny edirectory_users_denied
151.if !'po4a'hide' .B http_access allow edirectory_users_allowed
152.if !'po4a'hide' .B http_access deny all
153.if !'po4a'hide' .RE
154.PP
155In this example, the
156.B Internet_Allowed
157and
158.B Internet_Denied
159are Groups that users may be used to control internet access, which can also be stacked against other ACL's.
6ca7324f
AJ		 160Use of the groups is optional, unless the '-G' option has been passed. Please note that you need to specify
161the full LDAP object for this, as shown above.
a2c8080d
AJ		 162.
163.SH KNOWN ISSUES
164.PP
165IPv6 support has yet to be tested in a real IPv6 environment, but the code is in place to read IPv6
166networkAddress fields, please attempt this in a TESTING environment first. Please contact the author
167regarding IPv6 support development.
168.
169.PP
170There is a known issue regarding Novell's Client for Windows, that is mostly fixed by using
171version 4.91 SP3+, with the 'Auto-Reconnect' feature not re-populating the networkAddress
172field in eDirectory.
173.
174.PP
175I have also experienced an issue related to using NetWare 6.5 (SP6 and lower?) and connection licensing.
176It appears that whenever a server runs low on connection licenses, that it
177I sometimes
178does not populate the networkAddress fields correctly.
179.
180.PP
181Majority of Proxy Authentication issues can be resolved by having the users'
182.B reboot
183if their networkAddress is not correct, or using
184.B basic_ldap_auth
185as a fallback. Check ConsoleOne, etc to verify their networkAddress fields to troubleshoot.
186.
187.SH AUTHOR
188This program was written by
189.if !'po4a'hide' .I Chad E. Naugle <chad.naugle@travimp.com>
190.PP
191This manual was written by
192.if !'po4a'hide' .I Chad E. Naugle <chad.naugle@travimp.com>
193.if !'po4a'hide' .I Amos Jeffries <amosjeffries@squid-cache.org>
194.
195.SH COPYRIGHT
ca02e0ec
AJ		 196.PP
197 * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
198 *
199 * Squid software is distributed under GPLv2+ license and includes
200 * contributions from numerous individuals and organizations.
201 * Please see the COPYING and CONTRIBUTORS files for details.
202.PP
a2c8080d
AJ		 203This program and documentation is copyright to the authors named above.
204.PP
205Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
206.
207.SH QUESTIONS
208Questions on the usage of this program can be sent to the
209.I Squid Users mailing list
210.if !'po4a'hide' <squid-users@squid-cache.org>
211.
212.SH REPORTING BUGS
213.PP
10228f68
AJ		 214I
215.B "STRONGLY RECOMMEND"
216using the latest version of the Novell Client in all situations
a2c8080d 217.B before
6ca7324f
AJ		 218seeking support! You may also need to make sure your servers have the latest service packs installed, and that
219your servers are properly synchronizing partitions.
a2c8080d
AJ		 220.
221.PP
222Bug reports need to be made in English.
223See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
224.PP
225Report bugs or bug fixes using http://bugs.squid-cache.org/
226.PP
227Report serious security bugs to
228.I Squid Bugs <squid-bugs@squid-cache.org>
229.PP
230Report ideas for new improvements to the
231.I Squid Developers mailing list
232.if !'po4a'hide' <squid-dev@squid-cache.org>
233.
234.SH SEE ALSO
235.if !'po4a'hide' .BR squid "(8), "
236.if !'po4a'hide' .BR basic_ldap_auth "(8), "
237.if !'po4a'hide' .BR GPL "(7), "
238.br
239The Squid FAQ wiki
240.if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
241.br
242The Squid Configuration Manual
243.if !'po4a'hide' http://www.squid-cache.org/Doc/config/
Mirror of https://github.com/squid-cache/squid.git