On Wed, 09 Dec 2009 12:34:42 -0200, Felipe Augusto van de Wiel <felipe.w...@hpp.org.br> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hi, > > I'm already using LDAP authentication and the > company I work for tries to put a lot of authentication > and authorization (meta-)information inside LDAP. > > This week, we were wondering if it is possible > to use LDAP as a backend for acl lists. The idea would > be to get a list of domains for a user or a list of > source domains for an acl and so on, instead of putting > the list on squid.conf or in and external file, LDAP > would be the "repository". > > Looking to the standard config it doesn't seems > to be possible, the only external "repository" would be > a file, but do you believe it is possible to try to > achieve it using external_acl? > > Writing a custom script that would get info > from LDAP and check different items and conditions? >
Yes. Exactly the intention of the external_acl_type. It's frequently done with other database backends. The cons are that its a "slow" type ACL as well as being relatively slow time-wise. So not all tests can use it. > > Have anybody heard about anything on those lines? > AFAIK there is nothing preventing it. Have not heard about it being done for LDAP yet but that is not unusual since any such implementation would be an extremely site-specific custom setup. Amos
