Here¹s an example from our config that works fine. We have a (largish) group of users we don¹t want surfing the web but they do need access to the fedex website for shipping - you can obviously configure it to suit your own needs. I created the OU containers in the root of the domain tree and somehow I remember (from two years ago) fighting with it when I had them nested deeper than that, but that's AD 2000 for you... Also the OU container names are case-sensitive IIRC. Make an LDAP user who has read-only access for production use.
# Set up group queries against AD. external_acl_type InetGroup %LOGIN /usr/lib64/squid/squid_ldap_group \ -b "dc=[domain],dc=net" -D "cn=[username],cn=Users,dc=[domain],dc=net" \ -s sub \ -w "[password]" \ " \ -h ldap # Destinations here acl fedex dstdomain .fedex.com # User groups here acl localnet proxy_auth REQUIRED src 10.0.0.0/8 acl AllWebAccess external InetGroup allweb acl FedexWebAccess external InetGroup fedexweb acl BlockedWebAccess external InetGroup blockedweb http_access allow fedex FedexWebAccess http_access allow AllWebAccess http_access allow !BlockedWebAccess http_access deny all On 2/19/10 12:12 PM, "Chris Robertson" <crobert...@gci.net> wrote: > Fabio Almeida wrote: >> Hi all, >> >> Can I use Active Directory to store URLs, Words, etc with external_acl >> statement? >> > > As long as you can craft an external_acl script to query it, yes. > >> I've sucessfully configured squid to authenticate users and groups >> against Active Directory. >> I'm wondering if I can use AD to store words, phrases and URLs instead >> of a plain file. >> >> Is it possible, > Probably. >> practical > Questionably. >> and as fast as files? >> > Not a chance. >> Any directions would be appreciated. >> >> My best regards, >> Fábio Almeida >> > Chris >
