Hi all,
I hope this has not been addressed anywhere in the mailing lists. I did a
search and couldn't find anything, and I've already RTFM'd.
I don't understand how to set up the squid_ldap_group external acl type.
We are running Novell eDirectory and using various LDAP groups to
(hopefully) control internet access for our various high school campuses.
We want to have different control lists based upon the user. Students are
denied ftp downloads and are sent to a redirector/content filter, while we
IT people don't go to the redirector and get ftp downloads.
The man page for external_acl_type doesn't seem clear to me.
This is what I've got so far:
external_acl_type ldap_group %LOGIN /usr/sbin/squid_ldap_group -b <basedn>
-D <squidaccount> -w <passwd> -f
"(&(cn=%v)(groupMembership=cn=<group1dn>))" -h ldap.host
external_acl_type ldap_group %LOGIN /usr/sbin/squid_ldap_group -b <basedn>
-D <squidaccount> -w <passwd> -f
"(&(cn=%v)(groupMembership=cn=<group2dn>))" -h ldap.host
acl Restricted port 20 21 1025-65535
acl external ldap_group deny Restricted
acl external ldap_group allow Restricted
I'm certain I am doing something wrong with my "acl external" lines. How
do I differentiate the two different groups? How exactly is the
external_acl_type line used? Is ldap_group a reserved phrase that has to
follow external_acl_type? How do I return to squid the group membership
token for the user?
Thanks for any illumination...
Kelly Connor
Network Technician
Gilbert Unified School District
kelly_connor@gilbert.k12.az.us
Received on Wed Dec 01 2004 - 09:32:21 MST
This archive was generated by hypermail pre-2.1.9 : Sat Jan 01 2005 - 12:00:01 MST