Squid - Active Directory - permissions based on Nodes rather than Groups
- by Genboy
Hi,
I have squid running on a gateway machine & I am trying to integrate it with Active Directory for authentication & also for giving different browsing permissions for different users.
1) /usr/lib/squid/ldap_auth -b OU=my,DC=company,DC=com -h ldapserver -f sAMAccountName=%s -D "CN=myadmin,OU=Unrestricted Users,OU=my,DC=company,DC=com" -w mypwd
2) /usr/lib/squid/squid_ldap_group -b "OU=my,DC=company,DC=com" -f "(&(sAMAccountName=%u)(memberOf=cn=%g,cn=users,dc=company,dc=com))" -h ldapserver -D "CN=myadmin,OU=Unrestricted Users,OU=my,DC=company,DC=com" -w zxcv
Using the first command above, I am able to authenticate users.
Using the second command above, I am able to figure out if a user belongs to a particular active directory group. So I should be able to set ACL's based on groups.
However, my customer's AD setup is such that he has users arranged in different Nodes.
For eg. He has users setup in the following way
cn=usr1,ou=Lev1,ou=Users,ou=my,ou=company,ou=com
cn=usr2,ou=Lev2,ou=Users,ou=my,ou=company,ou=com
cn=usr3,ou=Lev3,ou=Users,ou=my,ou=company,ou=com
etc.
So, he wants that I have different permissions based on whether a user belongs to Lev1 or Lev2 or Lev3 nodes. Note that these aren't groups, but nodes.
Is there a way to do this with squid?
My squid is running on a debian machine.
