Maybe i'll try to simplify my question ;) Is it possible to skip the: > http_access allow AllowedMemberOf all if auth_param basic was the authenticator (instead of the other authentications like NTLM/LDAP)? Condensed config: >> # basic-auth >> >> auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwd >> >> >> # AD memberof check >> >> external_acl_type memberof ttl=300 negative_ttl=300 %LOGIN /usr/lib/squid3/ext_ldap_group_acl -R -K -b "dc=COMPANY,dc=i >> nt" -D squid@xxxxxxxxxxx -W /etc/squid3/ldappass.txt -f "(&(objectclass=person)(sAMAccountName=%v)(memberof:1.2. >> 840.113556.1.4.1941:=cn=%g,ou=Groups,ou=foobar,dc=COMPANY,dc=int))" -h ad.company.int,ad3.company.int >> >> acl auth proxy_auth REQUIRED >> http_access deny !auth >> http_access allow auth >> >> acl AllowedMemberOf external memberof "/etc/squid3/memberof_allow.txt >> acl BlockedMemberOf external memberof "/etc/squid3/memberof_deny.txt" >> >> http_access allow AllowedMemberOf all >> http_access deny BlockedMemberOf all -- Schinken Backspace e.V. http://hackerspace-bamberg.de mail: schinken@xxxxxxxxxxxxxxxxxxxxxx xmpp: schinken@xxxxxxxxxxx (otr) GPG: FFB7 E40D B2DD D24C C9B7 B5C5 703C F8B8 882C 871E
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
