From: Amos Jeffries Date: Sun, 19 Sep 2010 05:21:08 +0000 (+1200) Subject: Manual for ext_edirectory_userip_acl X-Git-Tag: take1~247 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a2c8080dc8a59fb9e002dcd7aa8dab7be6252d03;p=thirdparty%2Fsquid.git Manual for ext_edirectory_userip_acl --- diff --git a/helpers/external_acl/LDAP_group/ext_ldap_group_acl.8 b/helpers/external_acl/LDAP_group/ext_ldap_group_acl.8 index c822411f78..1aab94b2a8 100644 --- a/helpers/external_acl/LDAP_group/ext_ldap_group_acl.8 +++ b/helpers/external_acl/LDAP_group/ext_ldap_group_acl.8 @@ -201,8 +201,8 @@ are supported. .if !'po4a'hide' .TP .if !'po4a'hide' .BI \-v " 2|3" LDAP protocol version. Defaults to -.B 3 - if not specified. +.B 3 +if not specified. . .if !'po4a'hide' .TP .if !'po4a'hide' .BI \-Z diff --git a/helpers/external_acl/eDirectory_userip/Makefile.am b/helpers/external_acl/eDirectory_userip/Makefile.am index 0d4574a356..0801dbc5c5 100644 --- a/helpers/external_acl/eDirectory_userip/Makefile.am +++ b/helpers/external_acl/eDirectory_userip/Makefile.am @@ -11,4 +11,6 @@ ext_edirectory_userip_acl_LDADD = \ $(LBERLIB) \ $(XTRA_LIBS) -EXTRA_DIST = config.test +man_MANS = ext_edirectory_userip_acl.8 + +EXTRA_DIST = config.test ext_edirectory_userip_acl.8 diff --git a/helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8 b/helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8 new file mode 100644 index 0000000000..536da7c9de --- /dev/null +++ b/helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8 
@@ -0,0 +1,232 @@
+.if !'po4a'hide' .TH ext_edirectory_userip_acl 8
+.
+.SH NAME
+.if !'po4a'hide' .B ext_edirectory_userip_acl
+.if !'po4a'hide' \-
+Squid eDirectory IP Lookup Helper
+.PP
+Version 2.0
+.
+.SH SYNOPSIS
+.if !'po4a'hide' .B ext_edirectory_userip_acl
+.if !'po4a'hide' .B "[\-h | \-\-help | \-\-usage]"
+.if !'po4a'hide' .br
+.if !'po4a'hide' .B ext_edirectory_userip_acl
+.if !'po4a'hide' .B \-H "
+host
+.if !'po4a'hide' .B "\-p "
+port
+.if !'po4a'hide' .B "[\-Z] [\-P] [\-v "
+LDAP version
+.if !'po4a'hide' .B "] \-b "
+basedn
+.if !'po4a'hide' .B "\-s "
+scope
+.if !'po4a'hide' .B "\-D "
+binddn
+.if !'po4a'hide' .B "\-W "
+bindpass
+.if !'po4a'hide' .B "\-F "
+filter
+.if !'po4a'hide' .B "[\-G]"
+.
+.SH DESCRIPTION
+.B ext_edirectory_userip_acl
+is an installed binary.
+.PP
+This program has been written in order to solve the problems associated with running the Perl
+.B squid_ip_lookup.pl
+as a squid external helper.
+.PP
+The limitations of the Perl script involved memory/cpu utilization, speed, the lack
+of eDirectory 8.8 support, and IPv6 support.
+.
+.SH OPTIONS
+.if !'po4a'hide' .TP 12
+.if !'po4a'hide' .B "\-4"
+Force Addresses to be in IPv4 (0.0.0.0 format).
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .B "\-6"
+Force Addresses to be in IPv6 (:: format).
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .BI \-b " base"
+Specify
+.B base
+DN. For example;
+.B o=ORG
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .B \-d
+Write debug info to stderr.
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .BI \-D "binddn"
+Specify binding DN. For example;
+.B "cn=squid,o=ORG"
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .BI \-F " filter"
+Specify LDAP search filter. For example;
+.B "(objectClass=User)"
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .B "\-G"
+Specify if LDAP search group is required. For example;
+.B groupMembership=
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .B "\-h | \-\-help | \-\-usage"
+Display the binary help and command line syntax info using stderr.
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .BI \-H " host"
+Specify hostname or IP of server
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .BI \-p " port"
+Port number.
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .B "\-P"
+Use persistent connections.
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .BI \-t " seconds"
+Timeout factor for persistent connections. Set to
+.B 0
+for never timeout. Default is
+.B 60
+seconds.
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .BI -s " base|one|sub"
+search scope. Defaults to
+.B sub
+.IP
+.B base
+object only,
+.IP
+.B one
+level below the base object or
+.IP
+.BR sub tree
+below the base object
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .BI \-u " attribute"
+Set userid
+.B attribute .
+Default is
+.B cn
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .BI \-v " 1|2|3"
+Set LDAP
+.B version
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .B "\-V"
+Display version information and exit.
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .BI \-W " password"
+Specify binding
+.B password
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .B "\-Z"
+Enable TLS security.
+.
+.SH CONFIGURATION
+.
+.if !'po4a'hide' .RS
+.if !'po4a'hide' .B external_acl_type IPUser %SRC /usr/sbin/squid_edir_iplookup
+.if !'po4a'hide' .br
+.if !'po4a'hide' .B acl edirectory_users_allowed external IPUser Internet_Allowed
+.if !'po4a'hide' .B acl edirectory_users_denied external IPUser Internet_Denied
+.if !'po4a'hide' .br
+.if !'po4a'hide' .B http_access deny edirectory_users_denied
+.if !'po4a'hide' .B http_access allow edirectory_users_allowed
+.if !'po4a'hide' .B http_access deny all
+.if !'po4a'hide' .RE
+.PP
+In this example, the
+.B Internet_Allowed
+and
+.B Internet_Denied
+are Groups that users may be used to control internet access, which can also be stacked against other ACL's.
+Use of the groups is optional.
+.
+.SH KNOWN ISSUES
+.PP
+IPv6 support has yet to be tested in a real IPv6 environment, but the code is in place to read IPv6
+networkAddress fields, please attempt this in a TESTING environment first. Please contact the author
+regarding IPv6 support development.
+.
+.PP
+There is a known issue regarding Novell's Client for Windows, that is mostly fixed by using
+version 4.91 SP3+, with the 'Auto-Reconnect' feature not re-populating the networkAddress
+field in eDirectory.
+.
+.PP
+I have also experienced an issue related to using NetWare 6.5 (SP6 and lower?) and connection licensing.
+It appears that whenever a server runs low on connection licenses, that it
+I sometimes
+does not populate the networkAddress fields correctly.
+.
+.PP
+Majority of Proxy Authentication issues can be resolved by having the users'
+.B reboot
+if their networkAddress is not correct, or using
+.B basic_ldap_auth
+as a fallback. Check ConsoleOne, etc to verify their networkAddress fields to troubleshoot.
+.
+.SH AUTHOR
+This program was written by
+.if !'po4a'hide' .I Chad E. Naugle
+.PP
+This manual was written by
+.if !'po4a'hide' .I Chad E. Naugle
+.if !'po4a'hide' .I Amos Jeffries
+.
+.SH COPYRIGHT
+This program and documentation is copyright to the authors named above.
+.PP
+Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
+.
+.SH QUESTIONS
+Questions on the usage of this program can be sent to the
+.I Squid Users mailing list
+.if !'po4a'hide'
+.
+.SH REPORTING BUGS
+.PP
+I *STRONGLY RECOMMEND* using the latest version of the Novell Client in all situations
+.B before
+seeking support! You may also need to make sure your servers have the latest service packs.
+.
+.PP
+Bug reports need to be made in English.
+See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
+.PP
+Report bugs or bug fixes using http://bugs.squid-cache.org/
+.PP
+Report serious security bugs to
+.I Squid Bugs
+.PP
+Report ideas for new improvements to the
+.I Squid Developers mailing list
+.if !'po4a'hide'
+.
+.SH SEE ALSO
+.if !'po4a'hide' .BR squid "(8), "
+.if !'po4a'hide' .BR basic_ldap_auth "(8), "
+.if !'po4a'hide' .BR GPL "(7), "
+.br
+The Squid FAQ wiki
+.if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
+.br
+The Squid Configuration Manual
+.if !'po4a'hide' http://www.squid-cache.org/Doc/config/