[squid-users] Squid 2.6 - Deny all users in a specific Active Directory OU (not group)

From: Kris Glynn <Kristen.Glynn_at_virginblue.com.au>
Date: Tue, 18 May 2010 14:33:54 +1000

Hi,

I would like to know if it is possible to deny/allow based on a specific OU in Active Directory.

Problem: I have an OU (OU=Service Accounts,dc=company,dc=internal) that contains accounts that should not be allowed access through squid.

How would I go about denying access to all users in OU=Service Accounts,dc=company,dc=internal given my current ldap configuration below.

auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=company,dc=internal" -D username -w password -f "(&(sAMAccountName=%s)(objectClass=Person))" -t 10 -h 192.168.60.4
auth_param basic children 40
auth_param basic realm Internet Access
auth_param basic credentialsttl 1 hours

external_acl_type ldap_group ttl=3600 children=60 %LOGIN /usr/lib/squid/squid_ldap_group -R -b "dc=company,dc=internal" -B "dc=company,dc=internal" -F "(&(sAMAccountName=%s)(objectClass=Person))" -f "(&(member=%v)(cn=%a))" -D username -w password -h 192.168.60.4 -P

Thanks
Kris
The content of this e-mail, including any attachments, is a confidential communication between Virgin Blue, Pacific Blue or a related entity (or the sender if this email is a private communication) and the intended addressee and is for the sole use of that intended addressee. If you are not the intended addressee, any use, interference with, disclosure or copying of this material is unauthorized and prohibited. If you have received this e-mail in error please contact the sender immediately and then delete the message and any attachment(s). There is no warranty that this email is error, virus or defect free. This email is also subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. If this is a private communication it does not represent the views of Virgin Blue, Pacific Blue or their related entities. Please be aware that the contents of any emails sent to or from Virgin Blue, Pacific Blue or their related entities may be periodically monitored and reviewed. Virgin Blue, Pacific Blue and their related entities respect your privacy. Our privacy policy can be accessed from our website: www.virginblue.com.au
Received on Tue May 18 2010 - 04:34:02 MDT

This archive was generated by hypermail 2.2.0 : Wed May 19 2010 - 12:00:06 MDT