Re: [squid-users] Squid_ldap_auth multiple groups

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 10 Aug 2004 15:32:39 +0200 (CEST)

On Tue, 10 Aug 2004, Tim Neto wrote:

> If you use "squid_ldap_auth" for group control, then why was
> "squid_ldap_group" created?

squid_ldap_auth is for authentication, not authorization. In many LDAP
directories the filter can specify groups restricting who may authenticate
to the proxy.

squid_ldap_group is for authorization only, to give different groups of
authenticated users different privileges.

If you do not need to specify different authorization for different groups
and your directory allows direct filtering on group membership then there
is no need for squid_ldap_group, only squid_ldap_auth.

If you need to give different groups different privileges in the proxy
then you must use squid_ldap_group in addition to squid_ldap_auth.

Regards
Henrik
Received on Tue Aug 10 2004 - 07:32:45 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Sep 01 2004 - 12:00:02 MDT