.if !'po4a'hide' .TH ext_edirectory_userip_acl 8
.
.SH NAME
ext_edirectory_userip_acl \- Squid eDirectory IP Lookup Helper
.PP
Version 2.0
.
.SH SYNOPSIS
.if !'po4a'hide' .B ext_edirectory_userip_acl
.if !'po4a'hide' .B "[\-h | \-\-help | \-\-usage]"
.if !'po4a'hide' .br
.if !'po4a'hide' .B ext_edirectory_userip_acl
.if !'po4a'hide' .B "\-H "
host
.if !'po4a'hide' .B "\-p "
port
.if !'po4a'hide' .B "[\-Z] [\-P] [\-v "
LDAP version
.if !'po4a'hide' .B "] \-b "
basedn
.if !'po4a'hide' .B "\-s "
scope
.if !'po4a'hide' .B "\-D "
binddn
.if !'po4a'hide' .B "\-W "
bindpass
.if !'po4a'hide' .B "\-F "
filter
.if !'po4a'hide' .B "[\-G]"
.
.SH DESCRIPTION
.B ext_edirectory_userip_acl
is an installed binary.
.PP
This program was written to solve the problems associated with running the Perl
.B squid_ip_lookup.pl
as a Squid external helper.
.PP
The limitations of the Perl script were memory/CPU utilization, speed, and the lack
of eDirectory 8.8 support and IPv6 support.
.
.SH OPTIONS
.if !'po4a'hide' .TP 12
.if !'po4a'hide' .B "\-4"
Force addresses to be in IPv4 (0.0.0.0 format).
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .B "\-6"
Force addresses to be in IPv6 (:: format).
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .BI \-b " base"
Specify
.B base
DN. For example:
.B o=ORG
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .B \-d
Write debug info to stderr.
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .BI \-D " binddn"
Specify binding DN. For example:
.B "cn=squid,o=ORG"
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .BI \-F " filter"
Specify LDAP search filter. For example:
.B "(objectClass=User)"
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .B "\-G"
Specify if LDAP search group is required. For example:
.B groupMembership=
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .B "\-h | \-\-help | \-\-usage"
Display the binary help and command line syntax info using stderr.
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .BI \-H " host"
Specify hostname or IP of server.
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .BI \-p " port"
Port number.
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .B "\-P"
Use persistent connections.
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .BI \-t " seconds"
Timeout factor for persistent connections. Set to
.B 0
for never timeout. Default is
.B 60
seconds.
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .BI \-s " base|one|sub"
Search scope. Defaults to
.B sub
.IP
.B base
object only,
.IP
.B one
level below the base object or
.IP
.BR sub tree
below the base object
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .BI \-u " attribute"
Set userid
.BR attribute .
Default is
.B cn
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .BI \-v " 1|2|3"
Set LDAP
.B version
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .B "\-V"
Display version information and exit.
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .BI \-W " password"
Specify binding
.B password
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .B "\-Z"
Enable TLS security.
.
.SH CONFIGURATION
.
.if !'po4a'hide' .RS
.if !'po4a'hide' .B external_acl_type IPUser %SRC /usr/sbin/ext_edirectory_userip_acl
.if !'po4a'hide' .br
.if !'po4a'hide' .B acl edirectory_users_allowed external IPUser cn=Internet_Allowed,ou=ORG,o=BASE
.if !'po4a'hide' .br
.if !'po4a'hide' .B acl edirectory_users_denied external IPUser cn=Internet_Denied,ou=ORG,o=BASE
.if !'po4a'hide' .br
.if !'po4a'hide' .B http_access deny edirectory_users_denied
.if !'po4a'hide' .br
.if !'po4a'hide' .B http_access allow edirectory_users_allowed
.if !'po4a'hide' .br
.if !'po4a'hide' .B http_access deny all
.if !'po4a'hide' .RE
.PP
In this example,
.B Internet_Allowed
and
.B Internet_Denied
are groups of users that may be used to control internet access, and which can also be stacked against other ACLs.
Use of the groups is optional, unless the '\-G' option has been passed. Please note that you need to specify
the full LDAP object for this, as shown above.
.
.SH KNOWN ISSUES
.PP
IPv6 support has yet to be tested in a real IPv6 environment, but the code is in place to read IPv6
networkAddress fields. Please attempt this in a TESTING environment first. Please contact the author
regarding IPv6 support development.
.
.PP
There is a known issue with Novell's Client for Windows, in which the 'Auto-Reconnect' feature
does not re-populate the networkAddress field in eDirectory. It is mostly fixed by using
version 4.91 SP3+.
.
.PP
I have also experienced an issue related to using NetWare 6.5 (SP6 and lower?) and connection licensing.
It appears that whenever a server runs low on connection licenses, it
.I sometimes
does not populate the networkAddress fields correctly.
.
.PP
The majority of proxy authentication issues can be resolved by having the users
.B reboot
if their networkAddress is not correct, or by using
.B basic_ldap_auth
as a fallback. To troubleshoot, check ConsoleOne, etc. to verify their networkAddress fields.
.
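.PP
The CONFIGURATION example above runs the helper with no options. The following shell check is an added example, not part of the original manual or of Squid: it reads a squid.conf and reports helper invocations that lack \-Z or carry \-W. The host name, PORT, PLACEHOLDER and the finding messages are constructed; the option letters are the ones documented in OPTIONS.

```shell
#!/bin/sh
# Added example, not Squid project code. Option letters are those documented
# on this page; host, PORT, PLACEHOLDER and the message text are constructed.

# Constructed squid.conf sample: line 1 has no TLS, line 2 adds -Z.
sample_conf() {
    cat <<'EOF'
external_acl_type IPUser %SRC /usr/sbin/ext_edirectory_userip_acl -H ldap.example.com -p PORT -b o=ORG -s sub -D cn=squid,o=ORG -W PLACEHOLDER -F (objectClass=User)
external_acl_type IPUserTLS %SRC /usr/sbin/ext_edirectory_userip_acl -H ldap.example.com -p PORT -Z -b o=ORG -s sub -D cn=squid,o=ORG -W PLACEHOLDER -F (objectClass=User) -G
EOF
}

# audit_edir_helper FILE: print "<line>: <finding>" for each helper invocation.
audit_edir_helper() {
    findings=$(awk '
    $1 == "external_acl_type" && /ext_edirectory_userip_acl/ {
        tls = 0; seen = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "-Z") tls = 1
            else if ($i ~ /^-[HpvbsDWFtu]$/) {
                seen = seen substr($i, 2)   # value-taking option
                i++                         # skip its argument
            }
        }
        if (seen !~ /H/ || seen !~ /b/ || seen !~ /D/)
            print NR ": missing -H, -b or -D"
        if (!tls)
            print NR ": no -Z, bind and lookups are sent without TLS"
        if (seen ~ /W/)
            print NR ": -W bind password stored in config and visible in argv"
    }' "$1")
    if [ -n "$findings" ]; then printf '%s\n' "$findings"; fi
    # A file carrying -W should not be readable by other users.
    case $findings in
    *"-W bind password"*)
        if [ -n "$(find "$1" -perm -004)" ]; then
            echo "file: world-readable config holds the bind password"
        fi ;;
    esac
    return 0
}

conf=$(mktemp) && sample_conf > "$conf" && chmod 644 "$conf"
audit_edir_helper "$conf"
rm -f "$conf"
```

The check is token based, so it assumes each option and its value are separate whitespace-delimited words, as in the SYNOPSIS.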
.SH AUTHOR
This program was written by
.if !'po4a'hide' .I Chad E. Naugle <chad.naugle@travimp.com>
.PP
This manual was written by
.if !'po4a'hide' .I Chad E. Naugle <chad.naugle@travimp.com>
.if !'po4a'hide' .I Amos Jeffries <amosjeffries@squid-cache.org>
.
.SH COPYRIGHT
.PP
 * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
.PP
This program and documentation is copyright to the authors named above.
.PP
Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
.
.SH QUESTIONS
Questions on the usage of this program can be sent to the
.I Squid Users mailing list
.if !'po4a'hide' <squid-users@lists.squid-cache.org>
.
.SH REPORTING BUGS
.PP
I
.B "STRONGLY RECOMMEND"
using the latest version of the Novell Client in all situations
.B before
seeking support! You may also need to make sure your servers have the latest service packs installed, and that
your servers are properly synchronizing partitions.
.
.PP
Bug reports need to be made in English.
See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
.PP
Report bugs or bug fixes using http://bugs.squid-cache.org/
.PP
Report serious security bugs to
.I Squid Bugs <squid-bugs@lists.squid-cache.org>
.PP
Report ideas for new improvements to the
.I Squid Developers mailing list
.if !'po4a'hide' <squid-dev@lists.squid-cache.org>
.
.SH SEE ALSO
.if !'po4a'hide' .BR squid "(8), "
.if !'po4a'hide' .BR basic_ldap_auth "(8), "
.if !'po4a'hide' .BR GPL "(7), "
.br
The Squid FAQ wiki
.if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
.br
The Squid Configuration Manual
.if !'po4a'hide' http://www.squid-cache.org/Doc/config/