On Tue 2010-05-18 at 14:33 +1000, Kris Glynn wrote:
> I would like to know if it is possible to deny/allow based on a specific OU in Active Directory.
Yes. The squid_ldap_group helper can do this by simply searching for the
user again below that OU and denying access if found.

external_acl_type ldap_service_accounts %LOGIN /usr/lib/squid_ldap_group -R -b "OU=Service Accounts,dc=company,dc=internal" -D username -w password -f "(&(sAMAccountName=%u)(objectClass=Person))" -h 192.168.60.4
acl ldap_service_accounts external ldap_service_accounts X
http_access deny ldap_service_accounts

If you have many of these OUs that you want to match then the -g option
to squid_ldap_group may be handy, enabling you to add the OU part via
the acl line. But it is a little tricky if the OU contains spaces as in
your "OU=Service Accounts" (requires an acl include file).
Regards
Henrik
Received on Tue May 18 2010 - 19:31:39 MDT
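
The -g variant mentioned in the reply, written out as an added example that is not part of the original message. It assumes -g makes the helper treat the first acl argument as an extension placed in front of the -b base DN and still expects a group argument after it; the file paths, the ACL names other than ldap_service_accounts, and OU=Kiosks are hypothetical.

```conf
# Added example, not from the original message. Paths and the names
# ldap_ou, ldap_kiosks and OU=Kiosks are hypothetical.
#
# -g  first acl argument is prepended to the -b base DN for that lookup
#     (assumption stated in the lead-in)
# -W  read the bind password from a file instead of passing it with -w,
#     where it is visible in the process list and in squid.conf
external_acl_type ldap_ou %LOGIN /usr/lib/squid_ldap_group -R -g -b "dc=company,dc=internal" -D username -W /etc/squid/ldap_bind.secret -f "(&(sAMAccountName=%u)(objectClass=Person))" -h 192.168.60.4

# An acl include file holds one value per line, so the space in the OU
# name is kept as part of a single argument. The file
# /etc/squid/ou_service_accounts.acl contains exactly these two lines:
#
#   OU=Service Accounts
#   X
#
# X is the same unused placeholder group as in the message; the filter
# has no %g, so its value does not affect the search.
acl ldap_service_accounts external ldap_ou "/etc/squid/ou_service_accounts.acl"

# An OU without spaces can be given directly on the acl line.
acl ldap_kiosks external ldap_ou OU=Kiosks X

# Deny users found below either OU.
http_access deny ldap_service_accounts
http_access deny ldap_kiosks
```

The secret file should be readable only by the account Squid runs its helpers as.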