On Tue, 10 Aug 2004, Tim Neto wrote:

If you use "squid_ldap_auth" for group control, then why was "squid_ldap_group" created?

squid_ldap_auth is for authentication, not authorization. In many LDAP directories the filter can specify groups restricting who may authenticate to the proxy.

squid_ldap_group is for authorization only, to give different groups of authenticated users different privileges.

If you do not need to specify different authorization for different groups, and your directory allows direct filtering on group membership, then there is no need for squid_ldap_group, only squid_ldap_auth.

If you need to give different groups different privileges in the proxy, then you must use squid_ldap_group in addition to squid_ldap_auth.

Regards
Henrik
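
The two setups described in the message above, sketched as squid.conf fragments. This is an added example, not part of the original message or the Squid documentation; the helper paths, LDAP host, base DNs, group names, the `memberOf` attribute and the `posixGroup` schema are all assumptions that depend on your installation and directory.

```conf
# Two ALTERNATIVE fragments: use one or the other, not both in one squid.conf.
# Constructed example; paths, host, DNs, attributes and group names are assumptions.

# --- Case 1: one privilege level, group restriction inside the auth filter ---
# Only squid_ldap_auth is needed. The search filter (%s = login name) matches
# only users in the group, so anyone else fails authentication outright.
# Assumes the directory exposes group membership on the user entry (memberOf).
auth_param basic program /usr/lib/squid/squid_ldap_auth -b "ou=people,dc=example,dc=com" -f "(&(uid=%s)(memberOf=cn=proxyusers,ou=groups,dc=example,dc=com))" -h ldap.example.com
auth_param basic realm Proxy

acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny all

# --- Case 2: different privileges per group ---
# squid_ldap_auth only verifies the login; squid_ldap_group is queried per
# request through an external ACL to decide what each group may do.
auth_param basic program /usr/lib/squid/squid_ldap_auth -b "ou=people,dc=example,dc=com" -f "(uid=%s)" -h ldap.example.com
auth_param basic realm Proxy

# In the group filter, %v is the login name and %a the group named in the acl.
external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -b "ou=groups,dc=example,dc=com" -f "(&(objectClass=posixGroup)(cn=%a)(memberUid=%v))" -h ldap.example.com

acl authenticated proxy_auth REQUIRED
acl staff    external ldap_group staff
acl students external ldap_group students
acl restricted_sites dstdomain .restricted.example

http_access deny !authenticated
http_access allow staff
http_access deny students restricted_sites
http_access allow students
http_access deny all
```

In Case 1 a user outside the group cannot log in at all, while in Case 2 every directory user can authenticate and the final `http_access deny all` is what keeps users in neither group from browsing.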
