Hi,
I have used for many years auth for squid by looking up user/pass and
group membership against Active Directory.
I have found that I can place hostnames into AD groups (the object
type "computers", as AD describes it). Querying the directory with
cn=<somehostname> returns the group, as does cn=<somegroupname> return
that group's members.
I see that I can define an external ACL type and use %SRC, which is
the client ip. As the AD group contains hostnames, I'm trying to see
if I can write a simple helper that turns %SRC into a hostname and
perhaps in turn then calls squid_ldap_group to test the hostname value
for membership of a group, finally returning "OK" or "ERR" as
required. The end result is that if a certain hostname is in an AD
group then I can make acl decisions based on that.
But I'm not quite understanding enough. In particular the filter
specification to squid_ldap_group seems only to have the variables %u
and %g for username and group name and I don't see how to populate %u
in this context.
Is it the case that from

    external_acl_type name %SRC /usr/lib/squid/squid_ldap_group ... -f (&(cn=%u)(memberOf=%g)) ...

%u would equal %SRC?
Any help much appreciated on how to do this, or another method to
achieve the same thing.
thanks
rolf.
Received on Tue Dec 18 2007 - 19:23:40 MST
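
The wrapper helper described in the message above, as an added example (not part of the original post and not Squid's own code). It only trusts a reverse lookup of %SRC when the name resolves forward to the same address, since the PTR record is controlled by whoever runs the reverse zone. Assumptions: the child command takes "<name> <group>" lines on stdin and answers OK or ERR, the computer object's cn is the short host name, and clients are IPv4.

```python
import re
import socket
import subprocess
import sys

# Hostname characters only: a PTR answer must never carry spaces or LDAP
# filter metacharacters into the line handed to the group helper.
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")

def confirmed_hostname(ip, reverse=socket.gethostbyaddr,
                       forward=socket.gethostbyname_ex):
    """PTR name of ip, but only if that name resolves back to ip (IPv4)."""
    try:
        name = reverse(ip)[0]
        if not HOST_RE.fullmatch(name):
            return None
        addrs = forward(name)[2]
    except OSError:  # socket.herror / socket.gaierror: no PTR or no A record
        return None
    return name.lower() if ip in addrs else None

def answer(line, is_member, **resolvers):
    """Map one request line '<client-ip> <group>' to 'OK' or 'ERR'."""
    fields = line.split()
    if len(fields) != 2:
        return "ERR"
    ip, group = fields
    host = confirmed_hostname(ip, **resolvers)
    if host is None:
        return "ERR"
    # Assumption: the computer object's cn is the short name, not the FQDN
    return "OK" if is_member(host.split(".")[0], group) else "ERR"

def ldap_group_checker(argv):
    """Assumption: argv is a group helper command line that reads
    '<name> <group>' per line on stdin and replies OK or ERR."""
    child = subprocess.Popen(argv, stdin=subprocess.PIPE,
                             stdout=subprocess.PIPE, text=True, bufsize=1)
    def is_member(name, group):
        child.stdin.write(f"{name} {group}\n")
        child.stdin.flush()
        return child.stdout.readline().startswith("OK")
    return is_member

if __name__ == "__main__":
    check = ldap_group_checker(sys.argv[1:])
    for request in sys.stdin:  # Squid keeps the helper running, one line per lookup
        print(answer(request, check), flush=True)
```

A client whose address has no PTR record, or whose PTR name does not resolve back to that address, gets ERR without any directory query being made.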