Re: [squid-users] Active Directory based URL control

From: Mike Ely <mikeely_at_amyskitchen.net>
Date: Fri, 19 Feb 2010 13:37:43 -0800

Here's an example from our config that works fine. We have a (largish)
group of users we don't want surfing the web but they do need access to the
fedex website for shipping - you can obviously configure it to suit your own
needs. I created the OU containers in the root of the domain tree and
somehow I remember (from two years ago) fighting with it when I had them
nested deeper than that, but that's AD 2000 for you... Also the OU container
names are case-sensitive IIRC. Make an LDAP user who has read-only access
for production use.

# Set up group queries against AD.
external_acl_type InetGroup %LOGIN /usr/lib64/squid/squid_ldap_group \
-b "dc=[domain],dc=net" -D "cn=[username],cn=Users,dc=[domain],dc=net" \
-s sub \
-w "[password]" \
" \
-h ldap

# Destinations here
acl fedex dstdomain .fedex.com

# User groups here
acl localnet proxy_auth REQUIRED src 10.0.0.0/8
acl AllWebAccess external InetGroup allweb
acl FedexWebAccess external InetGroup fedexweb
acl BlockedWebAccess external InetGroup blockedweb

http_access allow fedex FedexWebAccess
http_access allow AllWebAccess
http_access allow !BlockedWebAccess
http_access deny all

On 2/19/10 12:12 PM, "Chris Robertson" <crobertson_at_gci.net> wrote:

> Fabio Almeida wrote:
>> Hi all,
>>
>> Can I use Active Directory to store URLs, Words, etc with external_acl
>> statement?
>>
>
> As long as you can craft an external_acl script to query it, yes.
>
>> I've successfully configured squid to authenticate users and groups
>> against Active Directory.
>> I'm wondering if I can use AD to store words, phrases and URLs instead
>> of a plain file.
>>
>> Is it possible,
> Probably.
>> practical
> Questionably.
>> and as fast as files?
>>
> Not a chance.
>> Any directions would be appreciated.
>>
>> My best regards,
>> Fábio Almeida
>>
> Chris
>
Received on Fri Feb 19 2010 - 21:37:51 MST
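
Added example, not part of the original thread: the helper line from the config above with the bind password taken out of squid.conf and off the helper's command line, using the `-W` (secret file) option of squid_ldap_group, plus StartTLS for the bind. The secret-file path, the `example.net` names, the `squid-ro` account and the `-f` filter are assumptions, not values from the message.

```conf
# Added example; names, paths and the filter are placeholders/assumptions.
#
# As posted: the bind password sits in squid.conf and in the helper's argv,
# so anyone who can read the config or list processes on the proxy sees it:
#   external_acl_type InetGroup %LOGIN /usr/lib64/squid/squid_ldap_group \
#     ... -D "cn=[username],cn=Users,dc=[domain],dc=net" -w "[password]" ...
#
# Hardened form:
#   -W <file>  read the bind password from a file instead of -w.
#              The file holds only the password; make it readable by the
#              Squid user alone (for example owner squid, mode 0400).
#              /etc/squid/ldap_bind.secret is a hypothetical path.
#   -Z -v 3    StartTLS (needs LDAPv3) so the simple bind does not cross the
#              network in clear text; the domain controller must present a
#              certificate the helper trusts.
#   -D         the read-only LDAP account recommended in the message
#              (squid-ro is a made-up name).
#   -f         group-membership filter: %v is the login name, %a the group
#              name passed from the acl line. Adjust the DN to where your
#              groups actually live.
external_acl_type InetGroup %LOGIN /usr/lib64/squid/squid_ldap_group \
  -b "dc=example,dc=net" \
  -D "cn=squid-ro,cn=Users,dc=example,dc=net" \
  -W /etc/squid/ldap_bind.secret \
  -f "(&(objectclass=person)(sAMAccountName=%v)(memberOf=cn=%a,dc=example,dc=net))" \
  -s sub \
  -Z -v 3 \
  -h ldap
```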
