On Mon, Feb 10, 2014 at 10:21 AM, Scott Mayo <scotgmayo@xxxxxxxxx> wrote: > On Mon, Feb 10, 2014 at 9:14 AM, Scott Mayo <scotgmayo@xxxxxxxxx> wrote: >> I have tried quite a few different forms of the following, but it does >> not work. I must be doing something wrong: >> external_acl_type squid_teachers -b "dc=school,dc=org" -f >> "(&cn=%g)(memberUid=%u))" -h 192.168.1.1 >> acl teacher_group external teachers >> http_access deny teacher_group > > I have also tried the following amongst some other things: > > external_acl_type squid_teachers -b "dc=school,dc=org" -f > "(&cn=teacher)(memberUid=%u))" -h 192.168.1.1 > acl teacher_group external teachers teacher > http_access deny teacher_group And after doing more reading and seeing other examples, I really think this should take care of it, but it still does not work. external_acl_type squid_teachers -b "dc=school,dc=org" -f "(&cn=%g)(memberUid=%u))" -h 192.168.1.1 acl teacher_group external teachers teacher http_access deny teacher_group If I understand correctly, the "teacher" from the external "acl teacher_group" should replace the %g from the external_acl_type. If the user is in the group "teacher", it looks like they should be denied access in the above example, but they are not. Thanks again for any input. -- Scott Mayo Mayo's Pioneer Seeds PH: 573-568-3235 CE: 573-614-2138
