Hi folks,
i'm using squid_ldap_auth to authenticate users againts an ADS at one
site, which works fine. By security policy i'm required to process only
request by Win2k oder WinXP clients. Win9x clients should be denied. I
had two ideas how this could be accomplished:
1.) Assuming that the browser submits browsertype and OS-version at
each request, i could use this information. The question is how
i would access the information and pass it to an ACL?
2.) Taken from the squid logs the client submits it's IP upon each
request. I would resolve the IP to a hostname, and look up if a
workstation object of the same name exists in the ADS by using
ldapsearch. Regarding the use of ldapsearch i would add the code
to squid_ldap_auth.
Could anyone comment this, give me some pointers how this an be solved
more easily or has even come up with a solution in the past?
Regards,
Frank
-- GMX ProMail (250 MB Mailbox, 50 FreeSMS, Virenschutz, 2,99 EUR/Monat...) jetzt 3 Monate GRATIS + 3x DER SPIEGEL +++ http://www.gmx.net/derspiegel +++ -- GMX ProMail (250 MB Mailbox, 50 FreeSMS, Virenschutz, 2,99 EUR/Monat...) jetzt 3 Monate GRATIS + 3x DER SPIEGEL +++ http://www.gmx.net/derspiegel +++Received on Fri Feb 20 2004 - 15:05:34 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:02 MST