[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to grant squid/web proxy access? (Was: Merge LWAT and DHCP machine objects in LDAP?)

Petter Reinholdtsen skrev:
> [Finn-Arne Johansen]
>> In a short distance I can see 2 or 3 more:
> [...]
>>  Squid access information (Or maybe that should be provided based on
>>  netgroup)
> 
> My proposal was to use subnet information in LDAP to grant squid
> access.  Do you believe it is a better idea to grant it per host
> instead?  Granting it to all hosts or users in a netgroup will be
> easier, as we do not need to add subnet information in LDAP.
> 
> If we grant access per subnet, clients on those subnets will work out
> of the box without any updates to LDAP.  If we grant it using
> netgroups, the host need to be added to LDAP before it can get on the
> net.  This will make it required to add new hosts to netgroups before
> we can PXE install them, if the use of a proxy is required.

Reading from the list, I guess most people woul like to allow all hosts,
unless the specific host(s) is denied access. So I guess the easiest
approach will be to allow all, unless the host(s) is listed in a
specifiec netgroup (like DeniedInet or something)


-- 
Finn-Arne Johansen
faj@bzz.no http://bzz.no/
EE2A71C6403A3D191FCDC043006F1215062E6642 062E6642
Reply to: