[squid-users] ext_ldap_group_acl - allowing websites based on ad group membership

mathew abraham ichayan at hotmail.com
Tue Feb 9 16:21:25 UTC 2016


Thank you for the quick reply. I have tried it with quotes; the results are the same. It's not working.



> On 9 Feb 2016, at 3:37 pm, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> 
>> On 10/02/2016 3:24 a.m., mathew abraham wrote:
>> Could someone point me in the right direction?
>> I want to use ext_ldap_group_acl to allow certain users who are members of the ad group for example
>> YouTube - Allowed, Twitter - Allowed
>> Yes, with the blank space and dash in the group name. For that reason I have created files /adgroups/youtube.txt and /adgroups/youtube.txt
>> The content of the file is "YouTube - Allowed" and the other file "Twitter - Allowed" 
>> Within quotes.
>> What am I doing wrong, the websites are blocked even if a user is in the allowed group. Please help.
>> Extract from squid.conf below
>> external_acl_type ldapgroup ttl=3600 negative_ttl=3600 %LOGIN /lib/squid/ext_ldap_group_acl -R -b "dc=mydomain,dc=com" -f "(&(samaccountname=%v)(memberof=cn=%a,dc=mydomain,dc=com))" -D squid at mydomain.com -w MyPassword -h mydomain.com
>> acl allowtwitter external ldapgroup /adgroups/twitter.txt
>> acl allowyoutube external ldapgroup /adgroups/youtube.txt
>> acl twitter dstdomain twitter.com
>> acl youtube dstdomain www.youtube.com
>> http_access deny !allowtwitter twitter
>> http_access deny !allowyoutube youtube
>> http_access allow allowtwitter
>> http_access allow allowyoutube
> 
> To load the acl parameters from a file you need to put "" around the
> filename in squid.conf.
> 
> Like this:
> 
> acl allowtwitter external ldapgroup "/adgroups/twitter.txt"
> 
> acl allowyoutube external ldapgroup "/adgroups/youtube.txt"
> 
> 
> The "" tells Squid it's a filename and not a group called
> '/adgroups/twitter.txt' etc.
> 
> This strange filename syntax is why you can't just use quoted strings on
> the acl line in the first place.
> 
> Amos
> 