Re: LDAP authentication

From: Brian Johnson <bmj@dont-contact.us>
Date: Thu, 04 May 2000 10:43:50 -0400

Joel Taqueban wrote:

> Dear Ilker & squid users,
>
> I've got my squid ldap authentication working. Thanks a lot!
>
> But there's one thing I noticed: when I added the authentication I was
> surprised that the disallowed times for my users to access the
> Internet is no longer working - I mean they can now readily access
> the whole web even after the allowed times. Here's my ACLs and
> http_access definitions:
>
> I've tried making changes to the ACLs. Here is my complete list:
>
> authenticate_program /usr/local/squid/bin/squid_ldap_auth
> myldapserver
>
> acl all src 0.0.0.0/0
> acl ldap proxy_auth REQUIRED
> acl allowedsites dstdomain dhl.com
> acl allowedtimes time S M T W H F A 06:00-21:00
>
> http_access allow ldap
> http_access allow allowedsites
> http_access allow allowedtimes
> http_access deny all

this should look something like:
http_access allow allowedsites
http_access deny notallowedtimes
http_access allow ldap
http_access deny all

...as soon as squid matches an allow statement then it doesn't check any
more allow/deny statements and allows access, so you need to deny for
the times that people _can't_ access the whole web before your allow
statement...
Hope this is clear enough..
-Brian
Received on Thu May 04 2000 - 08:51:02 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:53:16 MST