On Thursday 31 July 2003 21.35, Fernando Maior wrote:

> 1)
> I am using LDAP for authenticating. I would like my users to
> be divided into groups with different access rights.

Ok.

> 3)
> I inserted a new attribute to LDAP called internetClass,
> that can have "level1", "level2" or "level3" as content.

What is wrong with using normal LDAP groups?

> 4)
> Is there a way to create ACLs that can control the
> rights for each group of users as described in 1)?

Yes. See squid_ldap_group. Can be used both in this mode, and for normal LDAP groups.

> 5)
> Now I am using a script that prepares three files, one
> for each group of users, and one ACL for each group,
> like:
>
> acl LEVEL1 proxy_auth_regex -i "/etc/squid/user/level1"
> acl LEVEL2 proxy_auth_regex -i "/etc/squid/user/level2"
> acl LEVEL3 proxy_auth_regex -i "/etc/squid/user/level3"

If you do this you should use proxy_auth, not proxy_auth_regex. Especially if the lists are large. But I would recommend using squid_ldap_group.

> 6)
> Just for information, other rules are:
>
> acl BLACKLIST urlpath_regex -i "/etc/squid/block/blacklist"
> acl INTRANET urlpath_regex -i "/etc/squid/block/intranet"

Again, you should use the dstdomain acl where applicable rather than urlpath_regex. Large regex based access lists use quite a lot of CPU time compared to the other acl types.

Regards
Henrik

--
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]
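Added example (not part of the original message, and not Squid's code): a simplified Python model of the matching difference behind the proxy_auth versus proxy_auth_regex advice in the reply above, showing both the per-line regex cost and the logins that a regex list admits beyond the names actually listed. The user names and helper names are constructed; the model assumes each line of a proxy_auth_regex file is applied as an unanchored regular expression, while proxy_auth compares the whole login name.

```python
import re

# Constructed user lists standing in for /etc/squid/user/level1..level3.
LEVEL_FILES = {
    "LEVEL1": ["ann", "bob"],
    "LEVEL2": ["carol", "j.smith"],
    "LEVEL3": ["dave"],
}

def regex_acl(entries):
    """Model of a proxy_auth_regex -i list: each line is an unanchored regex."""
    patterns = [re.compile(e, re.IGNORECASE) for e in entries]
    def match(user):
        tried = 0
        for pattern in patterns:          # linear walk, one regex run per line
            tried += 1
            if pattern.search(user):
                return True, tried
        return False, tried
    return match

def exact_acl(entries):
    """Model of a proxy_auth list: the whole login name must be listed."""
    names = frozenset(entries)
    def match(user):
        return user in names, 1           # modelled as a single lookup
    return match

def levels_for(user, build, files=LEVEL_FILES):
    """Names of the ACLs that match `user` when each list is built with `build`."""
    return [name for name, entries in files.items() if build(entries)(user)[0]]

def overmatched(users, files=LEVEL_FILES):
    """Logins whose matched levels differ between regex and exact matching."""
    return {u: levels_for(u, regex_acl, files) for u in users
            if levels_for(u, regex_acl, files) != levels_for(u, exact_acl, files)}

if __name__ == "__main__":
    logins = ["ann", "joanne", "bobby", "jxsmith", "carol", "erin"]
    print(overmatched(logins))            # logins admitted only by regex matching
    big = ["user%05d" % i for i in range(20000)]   # constructed large list
    print(regex_acl(big)("erin")[1], exact_acl(big)("erin")[1])
```

Running `overmatched` over the real login names in the directory against the generated level files is a quick audit of who would be granted a level they were never listed in.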
