Will all 3 groups have the same rights ? Or do you want to block some users
and others not.
Markus
"Roy Anciso" <roy@xxxxxxxxxxxx> wrote in message
news:AANLkTikJgqwiztr3Ubnk-KFG-tHJXeRg0jG7okR2M9tY@xxxxxxxxxxxxxxxxx
Hello,
I know with squid_kerb_ldap you can list multiple groups using a colon
- group1:group2. However when i try to define http access rules for
specific groups I can't seem to get the acl right. At this point in
time I have separate external acls for each group to make this work
(see below). My question is - is there a better way to do this without
so many external acls defined? Thanks
external_acl_type kerbldapwebstaff ttl=3600 %LOGIN
/usr/local/bin/squid_kerb_ldap -i -d -g webstaff@xxxxxxxxxxxxxxx
external_acl_type kerbldapweballow ttl=3600 %LOGIN
/usr/local/bin/squid_kerb_ldap -i -d -g weballow@xxxxxxxxxxxxxxx
external_acl_type kerbldapwebdeny ttl=3600 %LOGIN
/usr/local/bin/squid_kerb_ldap -i -d -g webdeny@xxxxxxxxxxxxxxx
acl kerb_group_webstaff external kerbldapwebstaff
acl kerb_group_weballow external kerbldapweballow
acl kerb_group_webdeny external kerbldapwebdeny
http_access allow kerb_group_webstaff
http_access allow kerb_group_weballow
http_access allow kerb_group_webdeny
--
Roy Anciso
Director of Technology
Manistee Intermediate School District
772 East Parkdale Avenue
Manistee, MI 49660
Ph: 231-723-4264
Fx: 231-398-3036
roy@xxxxxxxxxxxx
