Hi all,
1)
I am using LDAP for authenticating. I would like my users to
be divided into groups with different access rights.
level1 - can access any site
level2 - can access any site not in blacklist
level3 - can access intranet sites only
2)
I configured Squid to authenticate to LDAP.
auth_param basic program /usr/lib/squid/squid_ldap_auth ...
auth_param basic children 10
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
3)
I inserted a new attribute to LDAP called internetClass,
that can have "level1", "level2" or "level3" as content.
4)
Is there a way to create ACLs that can control the
rights for each group of users as described in 1)?
5)
Now I am using a script that prepares three files, one
for each group of users, and one ACL for each group,
like:
acl LEVEL1 proxy_auth_regex -i "/etc/squid/user/level1"
acl LEVEL2 proxy_auth_regex -i "/etc/squid/user/level2"
acl LEVEL3 proxy_auth_regex -i "/etc/squid/user/level3"
The script runs under cron and issues a -k reconfigure at
the end.
6)
Just for information, other rules are:
acl BLACKLIST urlpath_regex -i "/etc/squid/block/blacklist"
acl INTRANET urlpath_regex -i "/etc/squid/block/intranet"
... and:
http_access allow LEVEL1
http_access allow LEVEL2 !BLACKLIST
http_access allow LEVEL3 INTRANET
http_access deny all
Thanks!
-- Bye, Fernando Maciel Souto Maior fernando@araujo.com.br http://www.araujo.com.br +55+31 3270-5886
Received on Thu Jul 31 2003 - 12:45:44 MDT
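The list-building step described in 5), as an added example that is not part of the original post: proxy_auth_regex matches anywhere in the login name, so an unanchored entry such as "ana" in the level1 file would also match "joana" and the first rule (allow LEVEL1) would apply to that user. The sketch below writes each name escaped and anchored. The LDIF sample is constructed, "uid" as the login attribute is an assumption, and the function names are hypothetical.

```python
import re
from collections import defaultdict

LEVELS = ("level1", "level2", "level3")          # internetClass values named in the post
ERE_META = re.compile(r'([.\[\]{}()*+?^$|\\])')  # POSIX ERE metacharacters to escape

# Constructed sample shaped like `ldapsearch -LLL` output; "uid" is an assumed
# login attribute. Base64-encoded values ("uid:: ...") are not handled here.
SAMPLE_LDIF = """\
dn: uid=ana,ou=people,dc=example,dc=com
uid: ana
internetClass: level1

dn: uid=ana.paula,ou=people,dc=example,dc=com
uid: ana.paula
internetClass: level3

dn: uid=joana,ou=people,dc=example,dc=com
uid: joana
internetClass: level2

dn: uid=temp,ou=people,dc=example,dc=com
uid: temp
internetClass: level9
"""

def parse_entries(ldif):
    """Yield (uid, internetClass) for each blank-line-separated LDIF entry."""
    for block in ldif.strip().split("\n\n"):
        attrs = dict(line.split(": ", 1) for line in block.splitlines() if ": " in line)
        yield attrs.get("uid"), attrs.get("internetClass")

def build_lists(ldif):
    """Map each level to a sorted list of escaped, anchored username patterns."""
    lists = defaultdict(set)
    for uid, level in parse_entries(ldif):
        if uid and level in LEVELS:  # unknown levels get no list, so "deny all" applies
            lists[level].add("^" + ERE_META.sub(r"\\\1", uid) + "$")
    return {lvl: sorted(lists[lvl]) for lvl in LEVELS}

def matching_levels(username, lists):
    """Levels whose patterns match, using unanchored search as a regex ACL does."""
    return [l for l in LEVELS if any(re.search(p, username, re.I) for p in lists[l])]

if __name__ == "__main__":
    for level, patterns in build_lists(SAMPLE_LDIF).items():
        print(f"# /etc/squid/user/{level}")
        print("\n".join(patterns))
```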