On Thursday 31 July 2003 21.35, Fernando Maior wrote:
> 1)
> I am using LDAP for authenticating. I would like my users to
> be divided into groups with different access rights.
Ok.
> 3)
> I inserted a new attribute to LDAP called internetClass,
> that can have "level1", "level2" or "level3" as content.
What is wrong with using normal LDAP groups?
> 4)
> Is there a way to create ACLs that can control the
> rights for each group of users as described in 1)?
Yes. See squid_ldap_group. Can be used both in this mode, and for
normal LDAP groups.
> 5)
> Now I am using a script that prepares three files, one
> for each group of users, and one ACL for each group,
> like:
>
> acl LEVEL1 proxy_auth_regex -i "/etc/squid/user/level1"
> acl LEVEL2 proxy_auth_regex -i "/etc/squid/user/level2"
> acl LEVEL3 proxy_auth_regex -i "/etc/squid/user/level3"
If you do this you should use proxy_auth, not proxy_auth_regex.
Especially if the lists are large.
But I would recommend using squid_ldap_group.
> 6)
> Just for information, other rules are:
>
> acl BLACKLIST urlpath_regex -i "/etc/squid/block/blacklist"
> acl INTRANET urlpath_regex -i "/etc/squid/block/intranet"
Again, you should use the dstdomain acl where applicable rather than
urlpath_regex.
Large regex-based access lists use quite a lot of CPU time compared
to the other acl types.
Regards
Henrik
--
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com

Received on Thu Jul 31 2003 - 14:37:15 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:23 MST
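Added example, not part of the reply above and not Squid code: a Python model of the per-level user files from 5) checked under proxy_auth_regex -i semantics versus proxy_auth semantics. It goes beyond the CPU cost mentioned in the reply by auditing the lists for logins that land in a level whose file does not list them, which happens because regex ACLs match unanchored; the user names are constructed and Python's `re` is assumed to behave like Squid's regex matching for these simple patterns.

```python
import re

# Constructed sample lists standing in for /etc/squid/user/level1..3
LISTS = {
    "LEVEL1": ["ann", "j.smith"],
    "LEVEL2": ["maria"],
    "LEVEL3": ["joanne", "jxsmith", "bob"],
}

def regex_acl(patterns):
    """proxy_auth_regex -i: case-insensitive, unanchored search, one pattern per line."""
    compiled = [re.compile(p, re.IGNORECASE) for p in patterns]
    # Every request walks the pattern list until one matches.
    return lambda login: any(c.search(login) for c in compiled)

def exact_acl(names):
    """proxy_auth: the login must equal a listed name."""
    members = set(names)
    return lambda login: login in members

def overmatches(lists, make_acl):
    """Return sorted (login, acl) pairs where a login matches an ACL
    although that ACL's file does not list it."""
    all_users = sorted({u for names in lists.values() for u in names})
    found = []
    for acl_name, names in lists.items():
        matches = make_acl(names)
        for login in all_users:
            if login not in names and matches(login):
                found.append((login, acl_name))
    return sorted(found)

if __name__ == "__main__":
    for label, factory in (("proxy_auth_regex -i", regex_acl),
                           ("proxy_auth", exact_acl)):
        hits = overmatches(LISTS, factory)
        print(f"{label}: {len(hits)} unintended match(es)")
        for login, acl_name in hits:
            print(f"  {login} also matches {acl_name}")
```

Anchoring each line as `^name$` removes the unintended matches under proxy_auth_regex but keeps the per-request regex scan, which is the cost the reply warns about.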