On 10/02/2016 3:24 a.m., mathew abraham wrote: > Could some point me to the right direction? > I want to use ext_ldap_group_acl to allow certain users who are members of the ad group for example > YouTube - Allowed, Twitter - Allowed > Yes with the blank space and dash in the group name. For that reason I have create files /adgroups/youtube.txt and /adgroups/youtube.txt > The content of the file is "YouTube - Allowed" and the other file "Twitter - Allowed" > Within quotes. > What am I doing wrong, the websites are blocked even if a user is in the allowed group. Please help. > Extract from squid.conf below > external_acl_type ldapgroup ttl=3600 negative_ttl=3600 %LOGIN /lib/squid/ext_ldap_group_acl -R -b "dc=mydomain,dc=com" -f "(&(samaccountname=%v) > (memberof=cn=%a,dc=mydomain,dc=com))" -D squid@xxxxxxxxxxxx -w MyPassword -h mydomain.com > acl allowtwitter external ldapgroup /adgroups/twitter.txtacl allowyoutube external ldapgroup /adgroups/youtube.txt > acl twitter dstdomain twitter.comacl youtube dstdomain www.youtube.com > http_access deny !allowtwitter twitterhttp_access deny !allowyoutube youtube > http_access allow allowtwitterhttp_access allow allowyoutube > To load the acl parameters from a file you need to put "" around the filename in squid.conf. Like this: acl allowtwitter external ldapgroup "/adgroups/twitter.txt" acl allowyoutube external ldapgroup "/adgroups/youtube.txt" The "" tells Squid its a filename and not a group called '/adgroups/twitter.txt' etc. This strange filename syntax is why you cant just use quoted strings on the acl line in the first place. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
