Squid doesn't really know about groups at all., and never gets a "list of groups" back from the helper. It only knows the OK/ERR status a generic external_acl helper returns based on arbitrary parameters.
Passing a single group on to Squidguard would be limited, I rarely have instances where a single group is sufficient. If this were to be truly useful, there would have to be a mechanism for Squid to enumerate the user's groups and pass the info onto Squidguard. I don't really think squid should be doing this much work "for" a helper. Do we want a list of 100 groups going to the helper for every request? Squid could be trained to only pass "relevant" groups, but that is more mucking around in squid. IMO, the most efficient, clean, and flexible method would be for squidguard to support some form of external group helper. My current method of a cron job enumerating the relevant groups into a squidguard userlist file every x minutes is relatively efficient and simple. It's not sexy, but it works if you can live with a little latency. Jerry ----- Original Message ----- From: "Jay Turner" <[EMAIL PROTECTED]> To: "Henrik Nordstrom" <[EMAIL PROTECTED]>; "Phil Crooker" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Thursday, March 06, 2003 5:20 AM Subject: RE: SquidGuard & NT Groups > Not even via wb_group somehow? > > -----Original Message----- > From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] > Sent: Thursday, 6 March 2003 3:38 PM > To: [EMAIL PROTECTED]; Phil Crooker > Cc: [EMAIL PROTECTED] > Subject: Re: SquidGuard & NT Groups > > > On Thursday 06 March 2003 01.42, Jay Turner wrote: > > > Is there no way squid could be modified to pass group information > > through to the redirector? > > Not easily. Squid does not actually know the group. > > What could work is to have Squid tag the request if it matches a > certain http_access rule, and have this tag sent to redirectors. > > Regards > Henrik > > > >
