Thank you very much Henrik.

A few things I would like to mention.

1. You specify using "external_acl_program" but I assume you mean "external_acl_type".
2. What does the "X" mean in this acl line: "acl ldap_service_accounts external ldap_service_accounts X"?

Again, thanks for the prompt response.

Regards

- Kris Glynn: (07) 3295 3987 - 0434602997


-----Original Message-----
From: Henrik Nordström [mailto:[email protected]] 
Sent: Wednesday, 19 May 2010 5:32 AM
To: Kris Glynn
Cc: [email protected]
Subject: Re: [squid-users] Squid 2.6 - Deny all users in a specific Active 
Directory OU (not group)

On Tue 2010-05-18 at 14:33 +1000, Kris Glynn wrote:

> I would like to know if it is possible to deny/allow based on a specific OU 
> in Active Directory.

Yes. The squid_ldap_group helper can do this by simply searching for the
user again below that OU and denying access if found.

external_acl_program ldap_service_accounts %LOGIN /usr/lib/squid_ldap_group -R -b "OU=Service Accounts,dc=company,dc=internal" -D username -w password -f "(&(sAMAccountName=%u)(objectClass=Person))" -h 192.168.60.4
acl ldap_service_accounts external ldap_service_accounts X
http_access deny ldap_service_accounts

If you have many of these OUs that you want to match then the -g option
to squid_ldap_group may be handy, enabling you to add the OU part via
the acl line. But is a little tricky if the OU contains spaces as in
your "OU=Service Accounts" (requires an acl include file).

Regards
Henrik
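
The lookup described above (search for the login below the OU; a hit makes the acl match, so http_access deny applies), as an added Python sketch that is not part of the original e-mails and is not squid_ldap_group's own code. The directory entries are constructed, the function names are hypothetical, and the URL-escaped request format is an assumption about the helper protocol in use.

```python
import re
from urllib.parse import unquote

BASE_DN = "OU=Service Accounts,dc=company,dc=internal"  # -b value from the thread

# Constructed sample entries (sAMAccountName, DN); stand-in for the AD server.
ENTRIES = [
    ("svc_backup", "CN=svc_backup,OU=Service Accounts,DC=company,DC=internal"),
    ("svc_sql", "CN=svc_sql,OU=SQL,OU=Service Accounts,DC=company,DC=internal"),
    ("kglynn", "CN=Kris Glynn,OU=Staff,DC=company,DC=internal"),
]

def rdns(dn):
    """Split a DN on unescaped commas (simplified) and normalise case and spacing."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn)]

def is_below(dn, base):
    """True if dn sits anywhere in the subtree rooted at base."""
    d, b = rdns(dn), rdns(base)
    return len(d) > len(b) and d[-len(b):] == b

def ldap_filter(user):
    """Fill the thread's -f template, escaping RFC 4515 metacharacters."""
    esc = "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in user)
    return "(&(sAMAccountName=%s)(objectClass=Person))" % esc

def answer(line):
    """One helper request: '<login> <acl argument>' -> 'OK' or 'ERR'."""
    fields = line.split()
    if not fields:
        return "ERR"
    user = unquote(fields[0])  # assumption: Squid sends URL-escaped fields
    # fields[1:] holds the acl argument ("X"); the filter only references %u,
    # so this sketch ignores it.
    found = any(name.lower() == user.lower() and is_below(dn, BASE_DN)
                for name, dn in ENTRIES)
    return "OK" if found else "ERR"

if __name__ == "__main__":
    # Constructed requests; "%2A" is a login of "*" to show the escaping.
    for req in ["svc_backup X", "svc_sql X", "kglynn X", "%2A X"]:
        print(req, "->", answer(req), "|", ldap_filter(unquote(req.split()[0])))
```

The "svc_sql" entry shows that a subtree search also matches accounts in OUs nested below the base, and the "*" login shows why the user name has to be escaped before it is substituted into the filter.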