[squid-users] Storing more squid config into LDAP

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

        I'm already using LDAP authentication and the
company I work for tries to put a lot of authentication
and authorization (meta-)information inside LDAP.

        This week, we were wondering if it is possible
to use LDAP as a backend for acl lists. The idea would
be to get a list of domains for a user or a list of
source domains for an acl and so on, instead of putting
the list on squid.conf or in and external file, LDAP
would be the "repository".

        Looking to the standard config it doesn't seems
to be possible, the only external "repository" would be
a file, but do you believe it is possible to try to
achieve it using external_acl?

        Writing a custom script that would get info
from LDAP and check different items and conditions?

        In principle, the discussion lead us to having
an LDAP object for squid with generic lists, like
sites allowed for all the company, sites for a Walled
Garden, sites restricted for different groups, but we
also spoke about having lists per-user, as every person
would have an object inside LDAP, we could have a field
that would add or remove sites from the previous lists
in a per-user basis.

        What do you think?

        Have anybody heard about anything on those lines?

        Thanks in advance for any info/suggestions. :)

Kind regards,
- --
Felipe Augusto van de Wiel <felipe.wiel_at_hpp.org.br>
Tecnologia da Informação (TI) - Complexo Pequeno Príncipe
http://www.pequenoprincipe.org.br/ T: +55 41 3310 1085
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCgAGBQJLH7V+AAoJECCPPxLgxLxPdjgP/Ai4DCQRoE6rvU6y1bpAlcbG
tSgA22nBr2bdPfE2HYkEROyH8T0PzwVJVuoD1v7XYOy31ZRsmET9Y45vLBwYR1t5
1ic1j4N5GHrSJ0iZj7+fCAoi5rKW3EghewYYvZ6poFKrpNVjsIY9z2SqYCW48mHi
itfeen/FYHI0dHNAoryGE/0YThtGGcIsjA/YlnQ2jb9gEvolQOvGNIcMTeKNJZEy
zFjgd/wjyzb0Q9tEI7cYGA+PgMfxLdWernPnrWpNsReg6u5Bt7LajJB5yzYOHvzZ
2x9/bsnqwaN0r0zN2uL+zpEP/dzNK4kctshCe7sOclTBg9fkL+VoTnVDkZjIWeKL
B5AwqvoaQ85MD5ueG/nWAqXJJqdcaAyGCa+fHY0Rg84G0a6P/gmgAM5qi1JxVp4t
yJQaMxDyxmTtdwOmR4LPXeOwu6LaLoCxI1Dd3AyMTGNmb2c5iSeCxhsYdVMqkfO2
0hs3KeDqYTSAERq1tihNpx5st8cmTIfFDlKon+d1ZE21sBNPhjAMzHUWa9pTw7RW
gJdLBQYVJUkRmSmxqdW0m39yi07e7H+34Qo8Qi3lmImezF6DlqBjUsxpp2XkmKZN
MfgSV7N+TUOtdWHxJZAFbEAmkxGgyVPkCgtN4B/m3aDwU/CcuiqNUg5h5R0gKXvT
Vyso4h8Qi9UoIsbzlqJy
=nwRu
-----END PGP SIGNATURE-----
Received on Wed Dec 09 2009 - 14:35:17 MST