# Define external authentication acl external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -B ou=people,dc=yourcompany,ou=com -b ou=Group,dc=yourcompany,dc=com -f (&(cn=%g)(memberUid=%u))" -h ldap.yourcompany.com # Define the group acl somegroup external ldap_group group_you_need_to_be_member_of # Some URL acl someurl url_regex ^http://foo.bar.baz/bam$ # deny the group access to the url http_access deny somegroup someurl Thien On 4/18/05, D & E Radel <radel@xxxxxxxxxxx> wrote: > > ----- Original Message ----- > From: "D & E Radel" <radel@xxxxxxxxxxx> > To: "Henrik Nordstrom" <hno@xxxxxxxxxxxxxxx> > Cc: <squid-users@xxxxxxxxxxxxxxx> > Sent: Tuesday, April 19, 2005 10:39 AM > Subject: [squid-users] squid_ldap_group - url access restrictions based on > group > > >>> We are trying to allow block access to certain sites to a certain group, > >>> but not another group. Am I too ambitious? ;-) > >> > >> Pretty standard thing for using squid_ldap_group. > >> > >> Regards > >> Henrik > > > > Hi Henrik, > > > > Note: changed the subject as the topic of my original post has evolved. > > :-) > > > > I see that you co-wrote squid_ldap_group. Do you have (or know the > > location of) a detailed HOWTO or perferably a sample squid.conf file that > > contains a working scenario as mentioned above. ie with various ACLs and > > access restrictions based on group? > > > > thanks in advance. > > grol > > Googling for examples come up with next to nothing. I have seen reference to > "objectclass=person", "objectclass=posixGroup" and > "objectClass=groupOfNames". But no docs that I can see to decypher what > these mean or how they are implemented. > > TIA, > grol. > >