I have the following rules in my 2.6 config file:
-----
external_acl_type AlmostNoInternetChecker %LOGIN
/usr/local/squid/libexec/squid_ldap_group -R -b
"dc=companyname,dc=local" -D
"cn=Administrator,cn=Users,dc=companyname,dc=local" -w "mysecret" -f
"(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=AlmostNoInt
ernet,cn=Domain Users,dc=companyname,dc=local))" -h 10.10.10.1
acl AlmostNoInternetAccess external AlmostNoInternetChecker
AlmostNoInternet
http_access deny all AlmostNoInternetAccess
-----
I want to know if my external_acl_type spelling is good.
My Active Directory setup:
- companyname.local
- Users
- Computers
- Domain Users
- PersonA (user)
- PersonB (user)
- PersonC (user)
- AlmostNoInternet (securitygroup - global)
PersonA is a member of group AlmostNoInternet.
Before the ldap group checking is done the user has done a good login.
Regards,
Jaap
Received on Tue May 27 2008 - 13:15:27 MDT
This archive was generated by hypermail 2.2.0 : Tue Aug 05 2008 - 01:05:14 MDT