On 7/5/2012 3:10 PM, Marcio Merlone wrote:
Em 04-07-2012 22:19, Eliezer Croitoru escreveu:
<SNIP>
the other options are: URL_REWRITE,ICAP,EXTERNAL_ACL.
Didn't know about ICAP. Sounds the way to go.

<SNIP>

if you are willing to do the testings with me and built some skeleton
for it to fit sysadmins i will be more then happy to work on it.
Right now my needs are really basic, just a plain group+sites list
match. But the needs may grow as features become available. :)

well squid and ICAP dose have "icap_client_username_header X-Client-Username" that allows to ICAP server identify the user and based on that the group but i will need to do some coding to fetch the user filtering group. i dont know we but if a ldap user is in more then one group it will need some more coding and database structure plans. so if you or anyone reading this have some idea on how implement the database\table structure to fit multiple groups i'm reading.


i do have one idea but it was ment for filtering and not for group acls:
use filtering levels\weight (numbered) like:
#csv format: domain, weigth
.porndomain.com, 100
.facebook.com, 20
.google.com, 10
.newssite.com, 40
#end of csc
i dont have have sites in my mind but like a "category" that allowed or denied. using numbers can benefit the lookup speed in mysql as a base index for acl match.

if you have lists of sites to allow or deny for a group it will give me some grounds to think of options.


the basic "domain" match is pretty simple to implement and it's kind
of done already.
That' it for now.


ok i have implemented the basic fastest dstdomain acl match method i was thinking of so we can use either an exact match or a domain wildcard.

the next thing to be done is the dstdomain ".example.dom" joker.
about regex acls i will might use some other technique to load it from
DB into memory and only when the DB changed to update the regex into
memory.

regex is a very slow acl and basically should be used wisely.
Does your project has a home-page? I'll be glad to test and help.

i'm using github to host the stable code:
https://github.com/elico/echelon
i didnt released yet any code regarding the filtering mechanism because it's not polished and messy with notes in it.
i wrote it in ruby.
my TODO list for the project is:
polish the basic mysql\pgsql\mssql\sqlite\ldap simple interface for usage in the server for queries.
polish my "cache" module.
polish the dstdomain matcher.
ADDED now:write user related code to match a mysql simple userdb.
        write some user code related to ldap users and groups.


i will be glad if you will be able to write a class with couple specific methods to find a user\group(match) in ldap.

i think i will write some basic html file on the project.

Eliezer

--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il


Reply via email to