[squid-users] Re: Ldap Groups

From: Scott Mayo <scotgmayo_at_gmail.com>
Date: Mon, 10 Feb 2014 11:15:59 -0600

On Mon, Feb 10, 2014 at 10:21 AM, Scott Mayo <scotgmayo_at_gmail.com> wrote:
> On Mon, Feb 10, 2014 at 9:14 AM, Scott Mayo <scotgmayo_at_gmail.com> wrote:
>> I have tried quite a few different forms of the following, but it does
>> not work. I must be doing something wrong:
>> external_acl_type squid_teachers -b "dc=school,dc=org" -f
>> "(&cn=%g)(memberUid=%u))" -h 192.168.1.1
>> acl teacher_group external teachers
>> http_access deny teacher_group
>
> I have also tried the following amongst some other things:
>
> external_acl_type squid_teachers -b "dc=school,dc=org" -f
> "(&cn=teacher)(memberUid=%u))" -h 192.168.1.1
> acl teacher_group external teachers teacher
> http_access deny teacher_group

And after doing more reading and seeing other examples, I really think
this should take care of it, but it still does not work.

external_acl_type squid_teachers -b "dc=school,dc=org" -f
"(&cn=%g)(memberUid=%u))" -h 192.168.1.1
acl teacher_group external teachers teacher
http_access deny teacher_group

If I understand correctly, the "teacher" from the external "acl
teacher_group" should replace the %g from the external_acl_type. If
the user is in the group "teacher", it looks like they should be
denied access in the above example, but they are not.

Thanks again for any input.

-- 
Scott Mayo
Mayo's Pioneer Seeds   PH: 573-568-3235   CE: 573-614-2138
Received on Mon Feb 10 2014 - 17:16:22 MST

This archive was generated by hypermail 2.2.0 : Tue Feb 11 2014 - 12:00:08 MST