On Wed, 09 Dec 2009 12:34:42 -0200, Felipe Augusto van de Wiel
<felipe.wiel_at_hpp.org.br> wrote:
>
> Hi,
>
> I'm already using LDAP authentication and the
> company I work for tries to put a lot of authentication
> and authorization (meta-)information inside LDAP.
>
> This week, we were wondering if it is possible
> to use LDAP as a backend for acl lists. The idea would
> be to get a list of domains for a user or a list of
> source domains for an acl and so on, instead of putting
> the list on squid.conf or in an external file, LDAP
> would be the "repository".
>
> Looking at the standard config it doesn't seem
> to be possible, the only external "repository" would be
> a file, but do you believe it is possible to try to
> achieve it using external_acl?
>
> Writing a custom script that would get info
> from LDAP and check different items and conditions?
>
Yes. Exactly the intention of the external_acl_type. It's frequently done
with other database backends.
The cons are that it's a "slow" type ACL as well as being relatively slow
time-wise. So not all tests can use it.
>
> Has anybody heard about anything on those lines?
>
AFAIK there is nothing preventing it.
Have not heard about it being done for LDAP yet but that is not unusual
since any such implementation would be an extremely site-specific custom
setup.
Amos
Received on Wed Dec 09 2009 - 22:09:45 MST
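
The kind of helper discussed in this thread, as an added example (not code from either poster or from the Squid project): a script that Squid runs through external_acl_type, answering OK or ERR for each user/destination pair. The `uid` lookup, the `allowedDomain` attribute, the helper path and the ACL names are assumptions, and a constructed in-memory table stands in for the LDAP search so the block runs offline.

```python
#!/usr/bin/env python3
"""Squid external_acl_type helper: allow %LOGIN to reach %DST only if the
user's directory entry lists that domain. Added example; names are assumed.

squid.conf (helper path and ACL names are hypothetical):
  external_acl_type ldap_domains ttl=300 %LOGIN %DST /usr/local/bin/ldap_domain_acl.py
  acl user_domain external ldap_domains
  http_access allow user_domain
"""
import sys
from urllib.parse import unquote

# Constructed sample data standing in for the directory. A real deployment
# replaces search_directory() with an LDAP search using the same filter.
SAMPLE_DIRECTORY = {"(uid=alice)": ["example.com"], "(uid=bob)": ["intranet.example.org"]}

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    """RFC 4515 escaping so a login name cannot alter the search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def search_directory(ldap_filter):
    """Return the hypothetical allowedDomain values for the matching entry."""
    return SAMPLE_DIRECTORY.get(ldap_filter, [])

def domain_allowed(dst, allowed):
    """Exact host or true subdomain match; 'badexample.com' != 'example.com'."""
    dst = dst.lower().rstrip(".")
    return any(dst == d or dst.endswith("." + d) for d in (a.lower() for a in allowed))

def decide(line, search=search_directory):
    """Map one request line from Squid ('login dst') to 'OK' or 'ERR'."""
    fields = line.split()
    if len(fields) != 2:
        return "ERR"                      # malformed input: fail closed
    login, dst = (unquote(f) for f in fields)  # fields arrive URL-escaped by default
    if not login or login == "-":
        return "ERR"                      # no authenticated user
    try:
        allowed = search("(uid=%s)" % escape_filter_value(login))
    except Exception:
        return "ERR"                      # directory unavailable: fail closed
    return "OK" if domain_allowed(dst, allowed) else "ERR"

if __name__ == "__main__":
    for request in sys.stdin:             # one lookup per line, one answer per line
        sys.stdout.write(decide(request) + "\n")
        sys.stdout.flush()                # Squid waits on each reply
```

The `ttl=` option lets Squid cache each answer, which offsets the per-lookup cost of a directory query.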