[squid-users] web access based on ldap groups

From: cipher <cipher@dont-contact.us>
Date: Wed, 02 Feb 2005 21:57:35 +0000

Dear users,

I just got squid authenticating through ldap, using
squid_ldap_auth and everything is fine.
Users can authenticate and no problems are showing up.

Now I would like to know a way to give permissions
for different web accesses to different users.
For example, I have this configuration:

[...]
acl block_word url_regex "/etc/squid/block_word"
acl block_url url_regex "/etc/squid/block_url"
acl block_domain dstdomain "/etc/squid/block_domain"
acl block_dest_ip dst "/etc/squid/block_dest_ip"
acl accept proxy_auth "/etc/squid/accept_user"
acl forbidden proxy_auth "/etc/squid/forbidden_user"
http_access allow accept block_word
http_access allow accept block_domain
http_access allow accept block_dest_ip
http_access allow accept block_url
http_access deny forbidden block_word
http_access deny forbidden block_domain
http_access deny forbidden block_dest_ip
http_access deny forbidden block_url
[...]

What happened was that I was filtering web access
through text files called /etc/squid/accept_user
and /etc/squid/forbidden_user, which had information
about the users that were allowed or not allowed to
have web access to the URLs in the /etc/squid/block_url
file, for example.

Now with LDAP working I have two groups:

 -> proxy-allow
 -> proxy-deny

I want to put users in those two groups, and the idea
is that users in the proxy-allow group will have
web access to URLs in the /etc/squid/block_url and
users in the proxy-deny group will not have web access to
those URLs.

I am aware that squid_ldap_group does the job but I am
not really understanding how.

I read through the archives and no answer to this issue
was found. At least I wasn't able to see it. :)

I already know that an external_acl_type acl is needed.
I just haven't figured out how to tell squid.conf to go
search in those groups and give access like it is meant to.

Is there a chance someone could point me in the right
direction to get this working or maybe point me to the archive
where this issue is answered?

Feel free to ask for more configuration information if
you need to.

Thanks a lot for reading this and in advance!

*cipher*

Received on Wed Feb 02 2005 - 14:57:00 MST
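
The setup asked about above, sketched as an added squid.conf example that is not part of the original post: an external_acl_type helper checks membership in proxy-allow and proxy-deny, and the resulting ACLs replace the accept_user and forbidden_user files. The helper path, LDAP host, base DNs, the groupOfNames/member schema and the ttl value are assumptions to adapt to the local directory.

```conf
# Added example, not the poster's configuration.
# Assumptions: helper installed at /usr/lib/squid/squid_ldap_group,
# directory at ldap.example.org, groups under ou=groups as groupOfNames
# entries whose "member" values are uid=<login>,ou=people,dc=example,dc=org.

# %LOGIN makes Squid authenticate the user first (via the existing
# squid_ldap_auth setup) and pass the login name to the helper.
# In the -f filter, %v is replaced by the login name and %a by the
# group name given on the acl line.
# ttl=300 caches each answer for 5 minutes, so removing a user from a
# group takes effect within that window rather than immediately.
external_acl_type ldap_group ttl=300 %LOGIN /usr/lib/squid/squid_ldap_group -b "ou=groups,dc=example,dc=org" -f "(&(objectClass=groupOfNames)(cn=%a)(member=uid=%v,ou=people,dc=example,dc=org))" -h ldap.example.org

# One ACL per LDAP group; the last word is the group name sent to the helper.
acl proxy_allow external ldap_group proxy-allow
acl proxy_deny  external ldap_group proxy-deny

# Restricted URL list, unchanged from the existing configuration.
acl block_url url_regex "/etc/squid/block_url"

# http_access rules are evaluated top to bottom and the first match wins,
# so the deny rule comes first: a user who is in both groups is refused.
http_access deny  proxy_deny  block_url
http_access allow proxy_allow block_url

# Assumption: authenticated users in neither group are also refused the
# restricted URLs (fail closed). Remove this line if other rules decide.
http_access deny block_url

# The same pattern applies to block_word, block_domain and block_dest_ip.
```

The helper can be checked outside Squid by running the same command line in a terminal and typing a login name and a group name separated by a space; it answers OK or ERR for each line.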
