This patch adds the following new features to squidguard-1.2.0:

LDAP User Grouping Support:
---------------------------
Squidguard now searches LDAP using specified LDAP search URLs whenever
a username is not found in an existing user list. The two new keywords
in the squidguard.conf file that enable this are as follows:

	ldapusersearch
		This keyword goes in the Source {} config block, and
		specifies an LDAP URL to use to search for an unknown
		user name. You can specify multiple LDAP URLs per Source
		block. Use '%s' to reference the username in your
		LDAP URL. If the search returns a record, the user is
		considered "found", otherwise the next URL in the same
		Source block is tried.

		Squidguard caches the "found" state of each search, even
		when a user name is not found. The cache is valid for
		ldapcachetime seconds.

	ldapcachetime
		This global keyword specifies the number of seconds to
		cache LDAP search results before contacting the LDAP
		server again. This keyword is global and must go outside
		any Source/Destination/Rule blocks. Setting this to a
		reasonably low value can allow simulation of
		near-realtime user groupings in LDAP without restarting
		squidguard.

		Recommended value: 300

Programmatic User Lists:
------------------------
Instead of putting a list of users in a file, you can now run a program
or script to list users on stdout. This user list behaves exactly like
a regular userlist, loaded at start time, and stored in memory statically.

	execuserlist
		This keyword goes in the Source {} block, and specifies
		a command to run that will write a list of usernames
		on stdout.

Below is an example squidguard.conf file, showing the various user list
options:

------------------- Example squidguard.conf snippet ------------------------

dbhome /var/lib/squidguard
logdir /var/log/squidguard

# ldap cache time in seconds
ldapcachetime 300

src INTERNAL_LAN {
	ip 192.168.0.0/24 127.0.0.1
	within workhours
	user dave,chris,john, marconi
	ldapusersearch ldap://ldap.example.com/cn=squidguardusers,ou=groups,dc=example,dc=com?memberUid?sub?(&(objectclass=posixGroup)(memberUid=%s))
	execuserlist sed "s/:.*$//" /etc/passwd
	log internal_lan
}

------------------------------ End snippet ---------------------------------

Chris Frey
2004/09/29
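
Because ldapusersearch places the username into the filter part of an LDAP URL via '%s', the name has to be escaped so that characters such as '*', '(', ')' and '\' stay literal. The patch's own substitution code is not shown here; the following is an added example (not code from the patch) that expands '%s' with RFC 4515 filter escaping plus URL percent-encoding. The name expand_ldap_url is hypothetical, and it assumes the LDAP URL parser percent-decodes the filter before use.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Encode one username byte (never NUL) for the filter part of an LDAP URL.
 * Returns the number of bytes written, or 0 if it does not fit. */
static size_t put_user_byte(unsigned char c, char *out, size_t room)
{
    int n;
    if (isalnum(c) || strchr("-._~", c))
        n = snprintf(out, room, "%c", c);
    else if (strchr("*()\\", c))            /* RFC 4515 specials: \XX, '\' sent as %5C */
        n = snprintf(out, room, "%%5C%02x", (unsigned)c);
    else                                    /* everything else, incl. '?' and '%': %XX */
        n = snprintf(out, room, "%%%02X", (unsigned)c);
    return (n > 0 && (size_t)n < room) ? (size_t)n : 0;
}

/* Hypothetical helper: copy tmpl to out, replacing each "%s" with the
 * encoded username. Returns 0 on success, -1 on empty name or overflow. */
int expand_ldap_url(const char *tmpl, const char *user, char *out, size_t outlen)
{
    size_t pos = 0;
    if (outlen == 0 || *user == '\0')
        return -1;
    for (; *tmpl; tmpl++) {
        if (tmpl[0] == '%' && tmpl[1] == 's') {
            for (const unsigned char *u = (const unsigned char *)user; *u; u++) {
                size_t n = put_user_byte(*u, out + pos, outlen - pos);
                if (n == 0)
                    return -1;
                pos += n;
            }
            tmpl++;                         /* skip the 's' */
        } else {
            if (pos + 1 >= outlen)
                return -1;
            out[pos++] = *tmpl;
        }
    }
    out[pos] = '\0';
    return 0;
}

int main(void)
{
    char url[256];                          /* constructed sample input below */
    const char *tmpl = "ldap://ldap.example.com/dc=example,dc=com?memberUid?sub?(memberUid=%s)";
    if (expand_ldap_url(tmpl, "a)(uid=*", url, sizeof url) == 0)
        puts(url);
    return 0;
}
```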