Simple guide to show how one can use LDAP groups to set some acl's on Squid proxy.
All you'll have to do is edit the squid.conf file and add these entries:
external_acl_type ldapgroup %LOGIN /usr/lib/squid/squid_ldap_group -b "ou=Groups,dc=example,dc=local" -f "(&(cn=%g)(memberUid=%u))" -h ldap_server
Create a new external acl which validates if a user belongs to a ldap group
acl ldapgroup-domainallowed external ldapgroup google_allowed
This acl will validate if the user belongs to the group google_allowed. Notice that one could set multiple acl like this one, but to check other ldap groups.
acl domain_allow dstdomain google.com
Example of an acl which checks the domain destination
http_access deny domain_allow !ldapgroup-domainallowed
With this you'll only allow access to google to users which belong to group google_allowed
Subscrever:
Enviar feedback (Atom)
Sem comentários:
Enviar um comentário