Squid and Active Directory

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443        # https
acl SSL_ports port 563        # snews
acl SSL_ports port 873        # rsync
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl Safe_ports port 631        # cups
acl Safe_ports port 873        # rsync
acl Safe_ports port 901        # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

acl webblocked url_regex '/etc/squid/webblocked.txt'
acl day_am time 08:00-12:00
acl day_pm time 13:00-17:40
http_access deny webblocked day_am
http_access deny webblocked day_pm

#Block MSN
acl msn_users src '/etc/squid/msn_user_list.txt'
acl msn_server req_mime_type application/x-msn-messenger
acl msn_url url_regex -i gateway.dll

#Block MSN
http_access deny !msn_users msn_server day_am
http_access deny !msn_users msn_server day_pm
http_access deny !msn_users msn_url day_am
http_access deny !msn_users msn_url day_pm

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow localhost

icp_access allow all

http_port 8080
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern .        0    20%    4320
#logformat combined
cache_access_log /var/log/squid/access.log
#cache_access_log syslog combined
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

extension_methods REPORT MERGE MKACTIVITY CHECKOUT

hosts_file /etc/hosts

coredump_dir /var/spool/squid

#http_access allow all

# Active Directory
####################################################################################################
auth_param basic program /usr/lib/squid/ldap_auth -R -b "dc=sci,dc=com" -D "cn=Administrator,cn=Users,dc=sci,dc=com" -w "***" -f "sAMAccountName=%s" -h 192.168.0.1
    auth_param basic children 5
    auth_param basic realm Squid proxy-caching web server
    auth_param basic credentialsttl 5 minutes

external_acl_type InetGroup %LOGIN /usr/lib/squid/squid_ldap_group -R -b "dc=sci,dc=com" -D "cn=Administrator,cn=Users,dc=sci,dc=com" -w "***" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=InternetUser,dc=sci,dc=com))" -h 192.168.0.1

acl localnet proxy_auth REQUIRED src 192.168.0.0/24
acl InetAccess external InetGroup InetAllow
http_access allow InetAccess
####################################################################################################
http_access deny all

auth_param basic program /usr/lib/squid/ldap_auth -R -b "dc=sci,dc=com" -D "cn=Administrator,cn=Users,dc=sci,dc=com" -w "***" -f "sAMAccountName=%s" -h 192.168.0.1

external_acl_type InetGroup %LOGIN /usr/lib/squid/squid_ldap_group -R -b "dc=sci,dc=com" -D "cn=Administrator,cn=Users,dc=sci,dc=com" -w "***" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=InternetUser,dc=sci,dc=com))" -h 192.168.0.1

acl InetAccess external InetGroup InetAllow

acl InetAccess acl localnet proxy_auth REQUIRED src 192.168.0.0/24
acl InetAccess external InetGroup InetAllow
http_access allow InetAccess
http_access deny all