[squid-users] Distributing users according to their LDAP groups on multiple cache peers

Amos Jeffries squid3 at treenet.co.nz
Tue Apr 7 07:01:15 UTC 2020

On 7/04/20 6:19 pm, Silamael Darkomen wrote:
> Hello,
> Is there any possibility to distribute a bunch of users to different
> cache peers based on the user group in LDAP?
> For older versions this was possible by using the slow external ACL
> first for evaluation in the http_access clause and latter using the slow
> external ACLs again in the cache_peer_access option.
> With the update from 4.9 to 4.10 this behavior seems to be broken.

That trick has never been properly consistent. It relies on the first
entry not being pushed out of cache before the second check. Under any
type of load it starts to fail.

In current Squid you can have the helper deliver group=blah and use the
note ACL type to check it in the fast checks. It works reliably, and
with multiple groups.


More information about the squid-users mailing list