Re: [squid-users] squid_ldap_group - url access restrictions based on group

From: Thien Vu <thien.vu@dont-contact.us>
Date: Mon, 18 Apr 2005 17:01:30 -0700

# Define external authentication acl
external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -B
ou=people,dc=yourcompany,ou=com -b ou=Group,dc=yourcompany,dc=com -f
(&(cn=%g)(memberUid=%u))" -h ldap.yourcompany.com

# Define the group
acl somegroup external ldap_group group_you_need_to_be_member_of

# Some URL
acl someurl url_regex ^http://foo.bar.baz/bam$

# deny the group access to the url
http_access deny somegroup someurl

Thien

On 4/18/05, D & E Radel <radel@inet.net.nz> wrote:
>
> ----- Original Message -----
> From: "D & E Radel" <radel@inet.net.nz>
> To: "Henrik Nordstrom" <hno@squid-cache.org>
> Cc: <squid-users@squid-cache.org>
> Sent: Tuesday, April 19, 2005 10:39 AM
> Subject: [squid-users] squid_ldap_group - url access restrictions based on
> group
>
> >>> We are trying to allow block access to certain sites to a certain group,
> >>> but not another group. Am I too ambitious? ;-)
> >>
> >> Pretty standard thing for using squid_ldap_group.
> >>
> >> Regards
> >> Henrik
> >
> > Hi Henrik,
> >
> > Note: changed the subject as the topic of my original post has evolved.
> > :-)
> >
> > I see that you co-wrote squid_ldap_group. Do you have (or know the
> > location of) a detailed HOWTO or perferably a sample squid.conf file that
> > contains a working scenario as mentioned above. ie with various ACLs and
> > access restrictions based on group?
> >
> > thanks in advance.
> > grol
>
> Googling for examples come up with next to nothing. I have seen reference to
> "objectclass=person", "objectclass=posixGroup" and
> "objectClass=groupOfNames". But no docs that I can see to decypher what
> these mean or how they are implemented.
>
> TIA,
> grol.
>
>
Received on Mon Apr 18 2005 - 18:01:33 MDT

This archive was generated by hypermail pre-2.1.9 : Sun May 01 2005 - 12:00:04 MDT