[squid-users] squid_kerb_ldap multiple groups and granular http_access rules

From: Roy Anciso <roy_at_manistee.org>
Date: Thu, 4 Nov 2010 12:51:42 -0400

I know with squid_kerb_ldap you can list multiple groups using a colon
- group1:group2. However when i try to define http access rules for
specific groups I can't seem to get the acl right. At this point in
time I have separate external acls for each group to make this work
(see below). My question is - is there a better way to do this without
so many external acls defined? Thanks

external_acl_type kerbldapwebstaff ttl=3600 %LOGIN
/usr/local/bin/squid_kerb_ldap -i -d -g webstaff_at_MAPS.MISD.LOCAL

external_acl_type kerbldapweballow ttl=3600 %LOGIN
/usr/local/bin/squid_kerb_ldap -i -d -g weballow_at_MAPS.MISD.LOCAL

external_acl_type kerbldapwebdeny ttl=3600 %LOGIN
/usr/local/bin/squid_kerb_ldap -i -d -g webdeny_at_MAPS.MISD.LOCAL

acl kerb_group_webstaff external kerbldapwebstaff
acl kerb_group_weballow external kerbldapweballow
acl kerb_group_webdeny external kerbldapwebdeny

http_access allow kerb_group_webstaff
http_access allow kerb_group_weballow
http_access allow kerb_group_webdeny

Roy Anciso
Director of Technology
Manistee Intermediate School District
772 East Parkdale Avenue
Manistee, MI 49660
Ph: 231-723-4264
Fx: 231-398-3036
Received on Thu Nov 04 2010 - 16:51:45 MDT

This archive was generated by hypermail 2.2.0 : Fri Nov 05 2010 - 12:00:01 MDT