[squid-users] benefits of using ext_kerberos_ldap_group_acl instead of ext_ldap_group_acl

Markus Moeller huaraz at moeller.plus.com
Wed Jan 21 21:07:59 UTC 2015


>
>
>"Amos Jeffries"  wrote in message news:54BE3B5C.8040800 at treenet.co.nz...
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On 20/01/2015 11:31 p.m., Simon Stäheli wrote:
>> Are there any other benefits in using ext_kerberos_ldap_group_acl
>> instead of ext_ldap_group_acl except the "Netbios name to Kerberos
>> domain name” mappings provided by the -N option. As far as I can
>> tell, this mapping can also easily be done by writing you own
>> helper perl script which is doing the mapping and finally feeds the
>> more common ext_ldap_group_acl helper.
>>
>
>Whatever floats your boat. The point of the Addon/Plugin/helpers API
>is that you can use scripts if thy serve your needs better.
>
>All the usual Open Source benefits of "many eyeballs" and somebody
>else doing code maintenance for you applies to using a bundled helper
>over a custom written one.
>
>Beyond that the kerberos helper also provides automatic detection of
>which LDAP server to use via mutiple auto-configuration methods.
>

The idea of the helper was to automate most of the configuration ( ignoring 
some performance ) and avoid using a username/password, support users from 
multiple domains. Secondly I wanted check for nested groups which was not 
available in the existing helper and thirdly I also check now against the 
primary group of the user.

>If you can demonstrate that the ext_kerberos_ldap_group_acl does
>provides a superset of the functionality of ext_ldap_group_acl helper
>then I can de-duplicate the two helpers.
>
>Amos

Regards
Markus

>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v2.0.22 (MingW32)
>
>iQEcBAEBAgAGBQJUvjtbAAoJELJo5wb/XPRjb1sH/2mO/l+k7jTdFr5CBfrBjXr8
>hp8ECHtKkpHvhiinKadcQd69ZYz0bqYmKQ4AX44XaTKTgc2ctKeywuDBRtSVnMwH
>KrSFY+YUhxpje7hRIwtoloVtPcT+JawUbnvGaAGtcbLNypkT1VEICBA/5QJbSWUH
>Uc+6szgksFWbDldl7kGYd42e7ZE8CdfcjzYqROaFxTglTKgEpqNvaY7KrNx2cZ+c
>5Kx4C6LzKrHML28TsWurWBpS3NVkUveFBLqkD8hY8QULolKleSFkHfuHn/S4gXGf
>IkyNDtEBbdFPKIQw5bkBvzpAWKxSn2fWsq4GW2AJeCcKiJVHDLqwTVQ4vIddsY8=
>=BbhE
>-----END PGP SIGNATURE-----
>_______________________________________________
>squid-users mailing list
>squid-users at lists.squid-cache.org
>http://lists.squid-cache.org/listinfo/squid-users 




More information about the squid-users mailing list