.if !'po4a'hide' .TH ext_edirectory_userip_acl 8
.
.SH NAME
ext_edirectory_userip_acl \- Squid eDirectory IP Lookup Helper
.PP
Version 2.0
.
.SH SYNOPSIS
.if !'po4a'hide' .B ext_edirectory_userip_acl
.if !'po4a'hide' .B "[\-h | \-\-help | \-\-usage]"
.if !'po4a'hide' .br
.if !'po4a'hide' .B ext_edirectory_userip_acl
.if !'po4a'hide' .B "\-H "
host
.if !'po4a'hide' .B "\-p "
port
.if !'po4a'hide' .B "[\-Z] [\-P] [\-v "
LDAP version
.if !'po4a'hide' .B "] \-b "
basedn
.if !'po4a'hide' .B "\-s "
scope
.if !'po4a'hide' .B "\-D "
binddn
.if !'po4a'hide' .B "\-W "
bindpass
.if !'po4a'hide' .B "\-F "
filter
.if !'po4a'hide' .B "[\-G]"
.
.SH DESCRIPTION
.B ext_edirectory_userip_acl
is an installed binary.
.PP
This program has been written in order to solve the problems associated with running the Perl
.B squid_ip_lookup.pl
as a Squid external helper.
.PP
The limitations of the Perl script involved memory/CPU utilization, speed, and the lack
of eDirectory 8.8 support and IPv6 support.
.
.SH OPTIONS
.if !'po4a'hide' .TP 12
.if !'po4a'hide' .B "\-4"
Force addresses to be in IPv4 (0.0.0.0 format).
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .B "\-6"
Force addresses to be in IPv6 (:: format).
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .BI \-b " base"
Specify
.B base
DN. For example:
.B o=ORG
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .B \-d
Write debug info to stderr.
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .BI \-D " binddn"
Specify binding DN. For example:
.B "cn=squid,o=ORG"
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .BI \-F " filter"
Specify LDAP search filter. For example:
.B "(objectClass=User)"
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .B "\-G"
Specify if LDAP search group is required. For example:
.B groupMembership=
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .B "\-h | \-\-help | \-\-usage"
Display the binary help and command line syntax info using stderr.
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .BI \-H " host"
Specify hostname or IP of server.
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .BI \-p " port"
Port number.
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .B "\-P"
Use persistent connections.
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .BI \-t " seconds"
Timeout factor for persistent connections. Set to
.B 0
to never time out. Default is
.B 60
seconds.
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .BI \-s " base|one|sub"
Search scope. Defaults to
.B sub
.IP
.B base
object only,
.IP
.B one
level below the base object or
.IP
.BR sub tree
below the base object
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .BI \-u " attribute"
Set userid
.BR attribute .
Default is
.B cn
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .BI \-v " 1|2|3"
Set LDAP
.B version
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .B "\-V"
Display version information and exit.
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .BI \-W " password"
Specify binding
.B password
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .B "\-Z"
Enable TLS security.
.
.SH CONFIGURATION
.
.if !'po4a'hide' .RS
.if !'po4a'hide' .B external_acl_type IPUser %SRC /usr/sbin/ext_edirectory_userip_acl
.if !'po4a'hide' .br
.if !'po4a'hide' .B acl edirectory_users_allowed external IPUser cn=Internet_Allowed,ou=ORG,o=BASE
.if !'po4a'hide' .br
.if !'po4a'hide' .B acl edirectory_users_denied external IPUser cn=Internet_Denied,ou=ORG,o=BASE
.if !'po4a'hide' .br
.if !'po4a'hide' .B http_access deny edirectory_users_denied
.if !'po4a'hide' .br
.if !'po4a'hide' .B http_access allow edirectory_users_allowed
.if !'po4a'hide' .br
.if !'po4a'hide' .B http_access deny all
.if !'po4a'hide' .RE
.PP
In this example,
.B Internet_Allowed
and
.B Internet_Denied
are groups whose membership is used to control internet access; these ACLs can also be stacked with other ACLs.
Use of the groups is optional, unless the
.B \-G
option has been passed. Please note that you need to specify
the full LDAP object for this, as shown above.
.
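A fuller wiring of the helper, added here as an illustration and not taken from the Squid project's own documentation: it passes the options from the SYNOPSIS on the helper command line and bounds how long Squid caches an answer for a source IP. The host name, port, bind password placeholder and the ttl, negative_ttl and children-max values are assumptions to adapt per site.

```conf
# Added example, not part of the original manual page.
# Constructed sample values: ldap.example.org, port 389, BINDPASS_PLACEHOLDER,
# and the ttl / negative_ttl / children-max numbers.
#
# ttl / negative_ttl: seconds Squid caches an OK / ERR answer per source IP.
# The helper answers from the networkAddress field, which follows the user's
# login state, so a long cache lets a previous user's group decision outlive
# the login that justified it. Keep both short.
#
# -Z enables TLS towards the directory server; -G makes group membership required.
# The -W value is stored in squid.conf and is visible in the helper's process
# arguments: bind as a dedicated read-only DN and keep squid.conf readable only
# by the Squid service account.
external_acl_type IPUser ttl=60 negative_ttl=30 children-max=10 %SRC /usr/sbin/ext_edirectory_userip_acl -H ldap.example.org -p 389 -Z -P -v 3 -b o=ORG -s sub -D cn=squid,o=ORG -W BINDPASS_PLACEHOLDER -F (objectClass=User) -G

# Group DNs are taken from the page's own example.
acl edirectory_users_allowed external IPUser cn=Internet_Allowed,ou=ORG,o=BASE
acl edirectory_users_denied external IPUser cn=Internet_Denied,ou=ORG,o=BASE

# Deny is evaluated first, so membership in the denied group wins over the allowed group.
http_access deny edirectory_users_denied
http_access allow edirectory_users_allowed
http_access deny all
```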
.SH KNOWN ISSUES
.PP
IPv6 support has yet to be tested in a real IPv6 environment, but the code is in place to read IPv6
networkAddress fields. Please attempt this in a TESTING environment first. Please contact the author
regarding IPv6 support development.
.
.PP
There is a known issue with Novell's Client for Windows in which the 'Auto-Reconnect' feature
does not re-populate the networkAddress field in eDirectory. It is mostly fixed by using
version 4.91 SP3+.
.
.PP
I have also experienced an issue related to using NetWare 6.5 (SP6 and lower?) and connection licensing.
It appears that whenever a server runs low on connection licenses, it
.I sometimes
does not populate the networkAddress fields correctly.
.
.PP
The majority of proxy authentication issues can be resolved by having the users
.B reboot
if their networkAddress is not correct, or using
.B basic_ldap_auth
as a fallback. Check ConsoleOne, etc. to verify their networkAddress fields when troubleshooting.
.
.SH AUTHOR
This program was written by
.if !'po4a'hide' .I Chad E. Naugle <chad.naugle@travimp.com>
.PP
This manual was written by
.if !'po4a'hide' .I Chad E. Naugle <chad.naugle@travimp.com>
.if !'po4a'hide' .br
.if !'po4a'hide' .I Amos Jeffries <amosjeffries@squid-cache.org>
.
.SH COPYRIGHT
.PP
 * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
.PP
This program and documentation is copyright to the authors named above.
.PP
Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
.
.SH QUESTIONS
Questions on the usage of this program can be sent to the
.I Squid Users mailing list
.if !'po4a'hide' <squid-users@squid-cache.org>
.
.SH REPORTING BUGS
.PP
I
.B "STRONGLY RECOMMEND"
using the latest version of the Novell Client in all situations
.B before
seeking support! You may also need to make sure your servers have the latest service packs installed, and that
your servers are properly synchronizing partitions.
.
.PP
Bug reports need to be made in English.
See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
.PP
Report bugs or bug fixes using http://bugs.squid-cache.org/
.PP
Report serious security bugs to
.I Squid Bugs <squid-bugs@squid-cache.org>
.PP
Report ideas for new improvements to the
.I Squid Developers mailing list
.if !'po4a'hide' <squid-dev@squid-cache.org>
.
.SH SEE ALSO
.if !'po4a'hide' .BR squid "(8), "
.if !'po4a'hide' .BR basic_ldap_auth "(8), "
.if !'po4a'hide' .BR GPL "(7), "
.br
The Squid FAQ wiki
.if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
.br
The Squid Configuration Manual
.if !'po4a'hide' http://www.squid-cache.org/Doc/config/