[squid-users] HELP - squidGuard, Squid amd LDAP authentication/groups

From: Mauricio Pegoraro <mauricio.pegoraro@dont-contact.us>
Date: Wed, 22 Oct 2003 16:15:17 -0300

Hi.

I'm using squidGuard for content filtering and it's great (fast and reliable).

Till now I've been using Squid and squidGuard block/don't block based on IP adresses. But now, because some "new" policies, I must do the control based on username and groups of my LDAP server.
Ok. I did it fine with pam_auth, pam_auth and ldap_groups, but I'm having trouble to integrate all this with squidGuard (all blocking mechanism). And, moslty, my problems were originated because the way the "new" poilicies must be implemented. See bellow:

1. the user enter a URL in his browser;
2. if the URL is authorized, the navigation goes on, no blocking;
3. if the URL is not authorized (porn, gambling, ...), there must be authentication (via pam_auth + pam_ldap);
4. then after user authenticates, it's verified against LDAP groups to see if he belongs to NOBLOCK group;
5. if yes (the user belongs to NOBLOCK group), the navigation goes on, no blocking, but logged;
6. if no (the user doens't belong to NOBLOCK group), the navigation is denied.

So, I know that it's a bit complex (and the e-mail a bit longer), my question is: how can I implement this using squidGuard?

Maybe the developers or some user from the list could have a thought or two on this issue.

Thanks in advance.

MaurícioWP.

MaurícioWP.

............................................................
Maurício Westendorff Pegoraro
Analista de Sistemas - Segurança
ADP Brasil
Suporte ADP RBS

51 3218-6227
mauricio.pegoraro@adprs.com.br
............................................................
Received on Wed Oct 22 2003 - 12:15:19 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:36 MST