Re: Re: Re: Re: Re: Re: Re: squid_ldap_group against nested groups/Ous

"Markus Moeller" <huaraz@xxxxxxxxxxxxxxxx> · Thu, 2 Aug 2012 23:02:43 +0100

Hi Eugene,

 What do you suggest squid_kerb_ldap should do to make it simpler for you ?

Markus

"Eugene M. Zheganin" <emz@xxxxxxxxxxxxx> wrote in message 
news:501A1D2C.9060206@xxxxxxxxxxxxx...
Hi.

On 01.08.2012 23:02, Markus Moeller wrote:
Hi Eugene,

  Are all 12 groups for the same control ?  If  so you can  use -g 
Group1:Group2:Group3:.....

No, I map them to different acls, and then those acls are used to restrict 
various levels of the access.

Like:

(it was)
external_acl_type ldap_group [...]

acl ad-internet-users  external ldap_group 
"/usr/local/etc/squid/ad-internet-users.acl"
acl ad-privileged external ldap_group 
"/usr/local/etc/squid/ad-privileged-users.acl"
acl ad-icq-only external ldap_group "/usr/local/etc/squid/ad-icq-only.acl"
acl ad-no-icq external ldap_group "/usr/local/etc/squid/ad-no-icq.acl"

http_access allow ad-internet-users something
http_access deny ad-internet-users something1
http_access allow ad-privileges something1

and so on.

Eugene.