Re: squid ACLs and LDAP

To: debian-edu@lists.debian.org
Subject: Re: squid ACLs and LDAP
From: Kurt <kurt@lugrav.de>
Date: Wed, 1 Sep 2004 17:21:56 +0200
Message-id: <20040901152156.GK20432@gnu-tec.de>
In-reply-to: <20040830221205.GQ24292@fiachra.ucd.ie>
References: <20040830221205.GQ24292@fiachra.ucd.ie>

* Gavin McCullagh <lists_gmc@fiachra.ucd.ie> [040831 00:13]:

> Hi,
> 
> I guess this is a feature request.  
> 
> Some schools will not be willing to hand out web access to just anyone on
> their network.  I know of at least one which currently uses the password
> system in squid to restrict such access.
> 
> This would be a very useful feature to have available in the debian-edu
> toolset.  The most convenient way would seem to be granting web access on a
> unix group basis.   I'm not sure how well it works but the ldap_auth
> modules for squid would seem a logical first guess.
> 
> http://freshmeat.net/projects/ldap_auth/
> 
> The basic idea would be to allow some users (eg teachers, seniors) only.
> More than that though, one could imagine certain groups being given
> restricted access either to certain sites or even to filtered content.
> 
> I realise that filtering or restricting net access may cause philosophical
> issues for people but the situation is often that people may be given
> restricted access or none at all.

Hilaire (skolelinux.fr or ofset) has startet to use squidguard 
with the packets included in skolelinux. (squid, squidguard and
blacklist)
He uses a blacklist server for schools in Toulouse.

You need only the redirect line in squid.conf:

redirect_program /usr/bin/squidGuard -c /etc/chastity/squidGuard-chastity.conf

Benedict has startet to build a debian packet with a perl
frontend (Webmin like). The goal is, to allow an admin tu choose
different blacklist servers and to allow an automatic update of
the squidguard database.

Benedict (skolelinux.de) sent me the alpha version. 
If anybody is interessed to test and to develope with us, please
send me an email.

We need this in germany as soon as possible.

The host based filter is realized by other german school servers  
with an iptable script. It enables to cut off the internet 
connection roomwise.

So if a terminalserver has his thinclients in only one room, it
is easy to open or close the internet connection. It would be
nice to have something in the netgroup webmin tool.

Regards/Viele Gruesse!
Kurt
-- 
kurt.gramlich@lugrav.de   GnuPG Key ID  0xE263 FCD4

Reply to:

Follow-Ups:
- Re: squid ACLs and LDAP
  - From: "C. Gatzemeier" <c.gatzemeier@tu-bs.de>
- Re: squid ACLs and LDAP
  - From: Ralf Gesel|ensetter <rgx@gmx.de>
- Re: squid ACLs and LDAP
  - From: Hilaire Fernandes <cddp40.tice@ac-bordeaux.fr>

Prev by Date: Conspicuously many "bad file descriptor" in strace from CUPS (attached)
Next by Date: Re: squid ACLs and LDAP
Previous by thread: Conspicuously many "bad file descriptor" in strace from CUPS (attached)
Next by thread: Re: squid ACLs and LDAP
Index(es):
- Date
- Thread