fre 2003-07-04 klockan 10.24 skrev Diego Rivera:
> > Err.. the usernames in such setup include the domain so Squid can
> > easily group the users in different groups. But you probably want a
> > glue similar to the above around the group helpers as well if you
> > want to use group lookup helpers (2.5 feature).
>
> I assume you refer to external_acl_type.
Not only. The proxy_auth and proxy_auth_reges acl types also supports a
kind of groups, but not external such.
> The "OK" or "ERR" responses only indicate whether the user (source,
> destination, etc) would be a member of that ACL or not, correct?
Correct.
> Is there a way to define "dynamic" acls, where I wouldn't need multiple
> different ACL helpers, but just one, and from its output squid can know
> which (all?) of the dynamic ACLs the user belongs to.
external acls uses a two level configuration sheme.
1. external_acl_type defines an acl helper type, and the arguments
requires by this helper in what information from the request the helper
requires (login, client IP address, requested domain etc).
2. acl defines a specific acl, including extra acl data such as group
names etc for the helper.
As a result you can select pretty much any approach. Both a single
helper knowing of all your domains or one helper per domain is possible.
The input to the helper is the request related data defined by
external_acl_type + the data set in the specific acl.
Regards
Henrik
-- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org Please consult the Squid FAQ and other available documentation before asking Squid questions, and use the squid-users mailing-list when no answer can be found. Private support questions is only answered for a fee or as part of a commercial Squid support contract. If you need commercial Squid support or cost effective Squid and firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, info@marasystems.comReceived on Fri Jul 04 2003 - 04:24:59 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:49 MST