Hi Eugene,
What do you suggest squid_kerb_ldap should do to make it simpler for you ?
Markus
"Eugene M. Zheganin" <emz_at_norma.perm.ru> wrote in message
news:501A1D2C.9060206_at_norma.perm.ru...
> Hi.
>
> On 01.08.2012 23:02, Markus Moeller wrote:
>> Hi Eugene,
>>
>> Are all 12 groups for the same control ? If so you can use -g
>> Group1:Group2:Group3:.....
>>
> No, I map them to different acls, and then those acls are used to restrict
> various levels of the access.
>
> Like:
>
> (it was)
> external_acl_type ldap_group [...]
>
> acl ad-internet-users external ldap_group
> "/usr/local/etc/squid/ad-internet-users.acl"
> acl ad-privileged external ldap_group
> "/usr/local/etc/squid/ad-privileged-users.acl"
> acl ad-icq-only external ldap_group "/usr/local/etc/squid/ad-icq-only.acl"
> acl ad-no-icq external ldap_group "/usr/local/etc/squid/ad-no-icq.acl"
>
> http_access allow ad-internet-users something
> http_access deny ad-internet-users something1
> http_access allow ad-privileges something1
>
> and so on.
>
> Eugene.
>
Received on Fri Aug 03 2012 - 06:42:27 MDT
This archive was generated by hypermail 2.2.0 : Mon Aug 06 2012 - 12:00:03 MDT