tedayoungii asked:
How to use group membership to control internet users with SQUID LDAP authentication.

Hey Team,
We have a working SQUID server. It does authentication against Active Directory via LDAP. Currently there is a group that is allowed to surf the internet unrestricted: Group0, if you will. Anyone not in the group is whitelisted to only a few business sites. This all works fine. My question is this: now I need to make several new Active Directory groups and, based on their membership, whitelist them to the required business web sites only. So for example: Group1 needs to only be able to go to www.google.com. Group2 members should be able to only go to www.yahoo.com. The Group0 we discussed earlier can go anywhere on the internet. How do I do this?
Thanks!!!!
tedayoungii (ASKER):
I went ahead and posted the pertinent current LDAP settings that work. Below:

# Basic authentication against Active Directory: bind as a service account,
# look the user up by sAMAccountName, do not chase referrals (-R).
auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=xxxxx,dc=xxxxxxxx,dc=com" -D "CN=LDAP USERNAME,OU=IT,OU=SUI,DC=xxxxxxx,DC=xxxxxxxxxx,DC=com" -w "password" -f sAMAccountName=%s -h dc01
auth_param basic children 5
auth_param basic realm xxxxxxxx
auth_param basic credentialsttl 480 minute
auth_param basic casesensitive off

##group auth
# Group helper: %v is the login name. The memberof value is hard-coded to the
# unrestricted group, so the group argument on the "acl ... external" line
# below ("internetusers") is not substituted into the filter.
external_acl_type internetusergroup %LOGIN /usr/lib/squid/squid_ldap_group -R -b "dc=xxxxxxx,dc=xxxxxxx,dc=com" -D "CN=LDAP USERNAME,OU=IT,OU=SUI,DC=xxxxxx,DC=xxxxxx,DC=com" -w "password" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=CN=Firebox Users,OU=Security Groups,OU=SUI,DC=xxxxxx,DC=xxxxxx,DC=com))" -h DC01

acl internetusergroup proxy_auth REQUIRED
acl internetgroup external internetusergroup internetusers
acl Allowed_Sites url_regex "/etc/squid/allowed-sites.acl"
# First matching http_access line wins: the unrestricted group first, then any
# authenticated user to the whitelisted sites, then deny everything else.
http_access allow internetgroup
http_access allow internetusergroup Allowed_Sites
#http_access deny internetusergroup
#http_access deny bad
http_access deny all
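A squid.conf fragment that does what the question asks, added here as an example; it is not from the question or from pitt7's answer. It assumes the helper name adgroup, AD groups Group1 and Group2 living in the same OU as Firebox Users, two new list files, and a bind-password file /etc/squid/ldap.pass; the auth_param lines stay exactly as posted above.

```conf
# Added example (not the asker's or the answerer's config). Assumed names:
# helper "adgroup", groups Group1/Group2, the group*-sites.acl files and
# /etc/squid/ldap.pass (root:squid, mode 0640, read with -W instead of -w so
# the bind password no longer sits inside squid.conf).

# Existing helper for the unrestricted group (Group0), unchanged except -W.
external_acl_type internetusergroup ttl=300 %LOGIN /usr/lib/squid/squid_ldap_group -R -b "dc=xxxxx,dc=xxxxxxxx,dc=com" -D "CN=LDAP USERNAME,OU=IT,OU=SUI,DC=xxxxxxx,DC=xxxxxxxxxx,DC=com" -W /etc/squid/ldap.pass -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=CN=Firebox Users,OU=Security Groups,OU=SUI,DC=xxxxxx,DC=xxxxxx,DC=com))" -h dc01

# One generic helper for every new group: %v is the login name and %a is the
# group CN given on each "acl ... external adgroup <CN>" line. Keep those CNs
# free of spaces: squid splits acl arguments on whitespace and treats a
# double-quoted argument as a file to read values from.
external_acl_type adgroup ttl=300 %LOGIN /usr/lib/squid/squid_ldap_group -R -b "dc=xxxxx,dc=xxxxxxxx,dc=com" -D "CN=LDAP USERNAME,OU=IT,OU=SUI,DC=xxxxxxx,DC=xxxxxxxxxx,DC=com" -W /etc/squid/ldap.pass -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=CN=%a,OU=Security Groups,OU=SUI,DC=xxxxxx,DC=xxxxxx,DC=com))" -h dc01

acl authenticated proxy_auth REQUIRED
acl group0 external internetusergroup internetusers
acl group1 external adgroup Group1
acl group2 external adgroup Group2

# Per-group destination lists. dstdomain matches whole host names, so a line
# ".google.com" covers www.google.com and its subdomains but not, say,
# googleusercontent.com, which an unanchored url_regex "google" would also match.
# /etc/squid/group1-sites.acl contains:  .google.com
# /etc/squid/group2-sites.acl contains:  .yahoo.com
acl group1_sites dstdomain "/etc/squid/group1-sites.acl"
acl group2_sites dstdomain "/etc/squid/group2-sites.acl"
# Existing regex whitelist for everyone else, unchanged.
acl Allowed_Sites url_regex "/etc/squid/allowed-sites.acl"

# Order matters: squid stops at the first http_access line that matches.
# 1. force a login (407 challenge); 2. unrestricted group; 3./4. each
# restricted group only to its own list; 5. everyone else to the business
# sites; 6. deny the rest.
http_access deny !authenticated
http_access allow group0
http_access allow group1 group1_sites
http_access allow group2 group2_sites
http_access allow authenticated Allowed_Sites
http_access deny all
```

A user in both Group1 and Group2 is allowed by whichever rule matches first, so membership in several restricted groups is additive; adding a third restricted group is one new acl line for the group, one for its list, and one http_access line.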
ASKER CERTIFIED SOLUTION
pitt7