-   Linux - Server (
-   -   squid acl for ldap users (

haw3d 12-19-2010 08:23 AM

squid acl for ldap users
i implement sso for my network and users can surf internet by login in his accounts and log their user names. i want to put some acls on user names instead of group based. and also can use delay pools for manage used bandwidth.
for example:
user1 allow internet access BW 10kbps
user2 deny internet access
user3 allow internet access BW 20kbps
can implement this by squid? can you give help me?
Linux 2.6.22 - squid 2.6 stable 6 - AD: win2k3 server
authentication config:

PHP Code:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes
#auth_param ntlm use_ntlm_negotiate off
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Domain Proxy Server      
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
authenticate_cache_garbage_interval 10 seconds
# Credentials past their TTL are removed from memory
authenticate_ttl 0 seconds
## acl entries to require authentication:
acl AuthorizedUsers proxy_auth REQUIRED
auth_param basic program 
/usr/lib/squid/squid_ldap_auth -"dc=ssotest,dc=com" --"cn=Administrator,cn=Users,dc=ssotest,dc=com" -"111111" -"(&(objectClass=person)(sAMAccountName=%s))" -u sAMAccountName -v 3 -P
auth_param basic children 20
auth_param basic realm Endian Advanced Proxy Server
auth_param basic credentialsttl 60 minutes
acl for_inet_users proxy_auth REQUIRED

excuse me for my bad English Thank you

All times are GMT -5. The time now is 12:18 PM.