Squid does not yet have a good concept of groups.
If all you need to do is to exclude this group of people from using the
proxy at all then extending squid_ldap_auth to verify the group
membership before considering the login as valid isn't such a hard task
to do.
If this group of people still needs limited access to the proxy, then
the problem is a little bit harder to address. There is the external_acl
concept being developed to allow such problems to be addressed in a
common way. <http://devel.squid-cache.org/externa_acl/>
In both cases, some limited amount or programming is required.
The third alternative is to use the "Group LDAP authentication" patch.
See the squid-users archives for details.
Regards
Henrik Nordström
Squid Hacker
shadha wrote:
>
> hello all,
>
> I need to make one acl that it denies access to a
> group of users that authenticate in the LDAP directory.
> can you help me or give me an example or the path that I must cover to
> do this acl?
>
> For example:
> acl ldap proxy_auth REQUIRED (working ok!)
> acl negatudo-netdeny?????
>
> http_access deny negatudo-netdeny
> http_access allow ldap (working ok)
>
> my squid functions upper-class in ldap. I don`t have problems in a basic
> authentication
> with my squid on ldap today but i need deny access of the 1000 users
>
> thank`s a lot for attention.
>
> TIA,
> -shadha.
>
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
Received on Tue Oct 30 2001 - 07:26:03 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:03:12 MST