Re: [squid-users] Re: Re: Re: Re: Re: Re: Re: Re: squid_ldap_group against nested groups/Ous

From: Eugene M. Zheganin <emz_at_norma.perm.ru>
Date: Mon, 06 Aug 2012 18:07:33 +0600

Hi.

On 06.08.2012 16:48, Markus Moeller wrote:
> Hi Eugene,
>
> How would a squid_group_ldap line look like ? From where would the
> group name come from ? I could try to add this feature.
>

That would be awesome.

squid_group_ldap is expecting to see the username along with the group
name to check the membership in on its stdin. It looks the same way
your helper works, just with a group name. At the same time, in a config
file you could describe the group directly, or supply a filename which
contains the group name (I prefer a filename, for example).

My squid.conf prior to using squid_kerb_ldap helper used to look like:

===Cut===
external_acl_type ldap_group ttl=60 negative_ttl=60 children=40 %LOGIN \
    /usr/local/libexec/squid/squid_ldap_group \
        -b cn=Users,dc=norma,dc=com \
        -f "(&(cn=%g)(member=%u)(objectClass=group))" \
        -F "sAMAccountname=%s" \
        -D cn=dca,cn=Users,dc=norma,dc=com \
        -W /usr/local/etc/squid/ad.passwd -h hq-gc.norma.com -v 3 -p 389

acl ad-internet-users external ldap_group "/usr/local/etc/squid/ad-internet-users.acl"
acl ad-privileged external ldap_group "/usr/local/etc/squid/ad-privileged-users.acl"
acl ad-icq-only external ldap_group "/usr/local/etc/squid/ad-icq-only.acl"
acl ad-no-icq external ldap_group "/usr/local/etc/squid/ad-no-icq.acl"
acl kontur-clients external ldap_group "/usr/local/etc/squid/kontur-clients.acl"
acl ad-no-pictures external ldap_group "/usr/local/etc/squid/ad-no-pictures.acl"
acl ad-personnel-only external ldap_group "/usr/local/etc/squid/ad-personnel-only.acl"
acl ad-mdm external ldap_group "/usr/local/etc/squid/ad-internet-users-mdm.acl"
acl ad-sber external ldap_group "/usr/local/etc/squid/ad-internet-users-sber.acl"
acl ad-e5 external ldap_group "/usr/local/etc/squid/ad-e5.acl"
acl ad-raiffeisen external ldap_group "/usr/local/etc/squid/ad-raiffeisen.acl"
===Cut===

Thanks.
Eugene.
Received on Mon Aug 06 2012 - 12:07:43 MDT
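
The helper input described in the message above (a username followed by group names on stdin, answered with OK or ERR), as an added example that is not part of the original post or of the Squid helpers. It assumes Squid sends the fields URL-escaped; `user_dn_of` and `search` are hypothetical stand-ins for the LDAP lookups, and the example.com DN is constructed.

```python
import re
import sys
from urllib.parse import unquote

# Filter template taken from the squid.conf in the message (%g group, %u user DN).
GROUP_FILTER = "(&(cn=%g)(member=%u)(objectClass=group))"
# RFC 4515: characters that must be escaped inside a filter value.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def ldap_escape(value):
    """Escape a value so it cannot alter the structure of the filter."""
    return "".join(_ESC.get(ch, ch) for ch in value)


def build_filter(group, user_dn, template=GROUP_FILTER):
    """Expand %g and %u in a single pass, escaping both values."""
    values = {"g": group, "u": user_dn}
    return re.sub(r"%([gu])", lambda m: ldap_escape(values[m.group(1)]), template)


def parse_request(line):
    """Split one helper request into (user, [groups]); fields are URL-escaped."""
    fields = [unquote(f) for f in line.split()]
    if len(fields) < 2:
        raise ValueError("expected: user group [group ...]")
    return fields[0], fields[1:]


def handle_line(line, user_dn_of, search):
    """Answer OK if the user is in any listed group, otherwise ERR."""
    try:
        user, groups = parse_request(line)
    except ValueError:
        return "ERR"
    dn = user_dn_of(user)  # hypothetical lookup, like the -F search in the config
    if dn and any(search(build_filter(g, dn)) for g in groups):
        return "OK"
    return "ERR"


if __name__ == "__main__":
    # Constructed in-memory directory standing in for the LDAP searches.
    dns = {"jdoe": "cn=John Doe,cn=Users,dc=example,dc=com"}
    hits = {build_filter("internet-users", dns["jdoe"])}
    for request in sys.stdin:
        print(handle_line(request, dns.get, hits.__contains__), flush=True)
```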
