Re: [squid-users] Re: Re: Re: Re: Re: Re: squid_ldap_group against nested groups/Ous

From: Eugene M. Zheganin <emz_at_norma.perm.ru>
Date: Thu, 02 Aug 2012 12:24:44 +0600

Hi.

On 01.08.2012 23:02, Markus Moeller wrote:
> Hi Eugene,
>
> Are all 12 groups for the same control ? If so you can use -g
> Group1:Group2:Group3:.....
>
No, I map them to different acls, and then those acls are used to
restrict various levels of the access.

Like:

(it was)
external_acl_type ldap_group [...]

acl ad-internet-users external ldap_group
"/usr/local/etc/squid/ad-internet-users.acl"
acl ad-privileged external ldap_group
"/usr/local/etc/squid/ad-privileged-users.acl"
acl ad-icq-only external ldap_group "/usr/local/etc/squid/ad-icq-only.acl"
acl ad-no-icq external ldap_group "/usr/local/etc/squid/ad-no-icq.acl"

http_access allow ad-internet-users something
http_access deny ad-internet-users something1
http_access allow ad-privileges something1

and so on.

Eugene.
Received on Thu Aug 02 2012 - 06:24:56 MDT

This archive was generated by hypermail 2.2.0 : Fri Aug 03 2012 - 12:00:03 MDT