File Format and Rules > LDAP Format:

The following LDAP filtering profile files can be set up:

  • Workstation - ldapwrkstnprofile.conf
  • User - ldapuserprofile.conf
  • Group - ldapgroupprofile.conf
  • Quota - quota.conf
  • Container - ldapcontainer.conf (similar to the user and group formats, but differs from environment to environment depending on how containers are set up in your organization)

NOTE: See DN Format for information about the Distinguished Name format.

WARNING: The examples provided here are based on the standard default settings of Microsoft Active Directory LDAP services. The suggested entries and examples may not apply to other server types, or if any changes have been made to the default settings on the Active Directory LDAP server.


Each filtering profile included in the file should be entered on a separate line. Filter options should be included at the end of the profile string, unless this is a quota file, in which case the quota is included at the end of the profile string. (See Quota for rules on setting up a quota file.)

Filter Option Codes
• 0x1 = Exception URL Query (always enabled)
• 0x2 = X Strikes Blocking
• 0x4 = Google/Bing/Yahoo!/Youtube/Ask/AOL Safe Search Enforcement
• 0x8 = Quota Query
• 0x100 = Search Engine Keyword
• 0x200 = URL Keyword
• 0x400 = Bypass Minimum Filtering Level for Override Account
• 0x1000 = Extend URL Keyword Filter Control

NOTE: To enable multiple filter codes, add the codes together. For example, entering 0x1307 at the end of the profile string enables Exception URL Query, X Strikes Blocking, Safe Search Enforcement, Search Engine Keyword, URL Keyword, and Extend URL Keyword Filter Control (0x1 + 0x2 + 0x4 + 0x100 + 0x200 + 0x1000). To disable all optional filter codes for an LDAP profile, enter 0x1 at the end of the profile string, since Exception URL Query is always enabled.


Category Command Codes
Category command codes must be entered in the following order: J, R, M, I. “PASSED” should either be entered after J, R, or M, or after a string of category codes following J, R, or M.

J = Positioned before the category/categories defined as "always allowed."
R = Positioned before the category/categories defined as "blocked."
M = Positioned before the category/categories defined as containing URLs potentially against the organization’s policies, and accompanied by a warning message.
I = Positioned at the end of a profile string, indicating that all other categories should “pass.”
PASSED = When positioned at the end of a string of categories or after a category command code, this code indicates that unidentified categories will follow suit with categories defined by that code: J (pass), R (block), or M (receive warning message).


LDAP Workstation Filtering Profile File Format
When setting up the ldapwrkstnprofile.conf file, each entry must consist of the Distinguished Name (DN), with each part of the DN separated by commas (,). The DN should be followed by a semicolon (;), and then a rule number or rule criteria (port, category, and filter mode specifications). A redirect URL can be included if a specific URL should be used in place of the standard block page. If no redirect URL is included, leave that field blank (a single space between its two commas) so that the remaining fields keep their positions. Each segment of the profile string following the semicolon for the DN should be separated by commas (,). The filter option designation should be placed at the end of the profile string. For example:

CN=R3KWRK1, CN=Computers, DC=logo, DC=net; R 21 A, J R KDPORN GPORN M PASSED I, 1, , 0x1
CN=WIN2000-79AHM, OU=Domain Controllers, DC=logo, DC=net; Rule0, , 0x1306

DN Format:
For a workstation profile, the DN must contain the workstation name and the LDAP group it belongs to, each as a "CN" ("common name") attribute, and the domain and DNS suffix as "DC" ("domain component") attributes. For a user profile, the DN must contain the username and the user group, each as a "CN" ("common name") attribute, and the domain and DNS suffix as "DC" ("domain component") attributes. The "OU" ("organizational unit") attribute type can also be included in an LDAP profile. Each attribute type should be followed by an equals sign (=), and attributes should be separated by a comma (,). A comma that is part of an attribute value (for example, a common name written as "Last, First") must be escaped with a backslash, as in CN=Doe\, John, so that it is not read as an attribute separator.



LDAP User Filtering Profile File Format
When setting up the ldapuserprofile.conf file, each entry must consist of the Distinguished Name (DN), with each part of the DN separated by commas (,). The DN should be followed by a semicolon (;), and then a rule number or rule criteria (port, category, and filter mode specifications). A redirect URL can be included if a specific URL should be used in place of the standard block page. If no redirect URL is included, leave that field blank (a single space between its two commas) so that the remaining fields keep their positions. Each segment of the profile string following the semicolon for the DN should be separated by commas (,). The filter option designation should be placed at the end of the profile string. For example:

CN=Jane Doe, CN=Users, DC=qc, DC=local; Rule0, http://www.itt.com, 0x1
CN=Public\, Joe Q., OU=Users, OU=Sales, DC=qc, DC=local; Rule1, , 0x1
CN=Doe\, John, CN=Users, DC=qc, DC=local; A, J R M CHAT KDPORN FINAN GGAMES GPORN I, 1, http://www.trustwave.com, 0x302



LDAP Group Filtering Profile File Format
When setting up the ldapgroupprofile.conf file, each entry must consist of the Distinguished Name (DN), with each part of the DN separated by commas (,). The DN should be followed by a semicolon (;), and then a rule number or rule criteria (port, category, and filter mode specifications). A redirect URL can be included if a specific URL should be used in place of the standard block page. If no redirect URL is included, leave that field blank (a single space between its two commas) so that the remaining fields keep their positions. Each segment of the profile string following the semicolon for the DN should be separated by commas (,). The filter option designation should be placed at the end of the profile string. For example:

CN=Mktg, CN=Users, DC=logo, DC=local; Rule1, , 0x4
CN=Sales, CN=Users, DC=logo, DC=local; Rule3, http://www.logo.com, 0x6

LDAP Quota File Format
When setting up the quota.conf file, each entry must consist of the Distinguished Name (DN), with each part of the DN separated by commas (,). The DN should be followed by a Tab character. The quota criteria are entered at the end of the profile string: the Overall Quota minutes first, followed by comma-separated category code and minutes pairs (CATEGORY:minutes). A zero (0) should be used if no Overall Quota minutes are included. For example:

CN=Joe Smith, CN=Users, DC=tc, DC=local      0, PARNML:5, RELIG:10
CN=Ted Jones, CN=Users, DC=tc, DC=local     5, PARNML:15, RELIG:5
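Worked example, added here and not Trustwave code: a Python parser for the three profile files and for quota.conf as described above. It splits the DN on unescaped commas so that an escaped comma inside a value (CN=Doe\, John) stays within its RDN, checks that CN and DC attributes are present, decodes the filter option hex value into the named options (treating 0x1 as always enabled, as the page states), enforces the J, R, M, I command order and the placement of PASSED and I, and parses the quota line's Tab separator and CATEGORY:minutes pairs. The function names and the sample lines are constructed from the page's examples. The page does not define the values of the port specification ("R 21 A") or the filter mode digit, so both are kept as opaque text.

```python
"""Parse the LDAP filtering profile files and quota.conf described on this page.
Added example, not Trustwave code: the function names and sample lines are ours;
the field layout, filter option bits and category command codes are the page's."""
import re

# Filter option bit values from the page (0x1 is documented as always enabled).
FILTER_OPTIONS = {
    0x1: "Exception URL Query", 0x2: "X Strikes Blocking",
    0x4: "Safe Search Enforcement", 0x8: "Quota Query",
    0x100: "Search Engine Keyword", 0x200: "URL Keyword",
    0x400: "Bypass Minimum Filtering Level for Override Account",
    0x1000: "Extend URL Keyword Filter Control",
}
KNOWN_BITS = sum(FILTER_OPTIONS)
CATEGORY_COMMANDS = ("J", "R", "M", "I")  # must appear in this order

def parse_dn(dn):
    """Split on unescaped commas so 'CN=Doe\\, John' stays one RDN; returns [(type, value), ...]."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):  # an escaped backslash before a separator is not handled
        attr, sep, value = part.strip().partition("=")
        attr = attr.strip().upper()
        if not sep or attr not in ("CN", "OU", "DC"):
            raise ValueError(f"bad RDN {part.strip()!r} in {dn!r}")
        rdns.append((attr, value.strip()))
    if not {"CN", "DC"} <= {a for a, _ in rdns}:  # the page requires both attribute types
        raise ValueError(f"DN must contain CN and DC attributes: {dn!r}")
    return rdns

def decode_filter_options(code):
    """Hex string such as '0x1306' -> names of the enabled options, in bit order."""
    value = int(code, 16)
    if value & ~KNOWN_BITS:
        raise ValueError(f"unknown filter option bits in {code}")
    value |= 0x1  # always enabled, even when omitted as in the page's 0x1306 example
    return [name for bit, name in FILTER_OPTIONS.items() if value & bit]

def parse_category_commands(spec):
    """'J R KDPORN GPORN M PASSED I' -> (groups, command PASSED was attached to, ends with I)."""
    groups = {"J": [], "R": [], "M": []}
    passed, others_pass, current, last = None, False, None, -1
    for tok in spec.split():
        if tok in CATEGORY_COMMANDS:
            if CATEGORY_COMMANDS.index(tok) <= last:
                raise ValueError(f"command {tok} repeated or out of order in {spec!r}")
            last, current = CATEGORY_COMMANDS.index(tok), tok
            others_pass = tok == "I"
        elif tok == "PASSED":
            if current not in groups:
                raise ValueError(f"PASSED must follow J, R or M in {spec!r}")
            passed = current
        elif current in groups:
            groups[current].append(tok)
        else:  # a category before any command, or after I
            raise ValueError(f"category {tok} outside J/R/M in {spec!r}")
    return groups, passed, others_pass

def category_spec_is_valid(spec):
    try:
        parse_category_commands(spec)
        return True
    except ValueError:
        return False

def parse_profile_line(line):
    """One line of ldapwrkstnprofile.conf, ldapuserprofile.conf or ldapgroupprofile.conf."""
    dn_text, sep, rest = line.partition(";")
    if not sep:
        raise ValueError(f"missing ';' after the DN: {line!r}")
    segs = [s.strip() for s in rest.split(",")]  # a comma inside the redirect URL would break this
    if len(segs) < 3:
        raise ValueError(f"expected rule, redirect URL and filter options: {line!r}")
    *rule_segs, redirect, options = segs  # the last two fields are fixed, so parse from the end
    entry = {"dn": parse_dn(dn_text), "rule": None, "ports": None, "mode": None,
             "categories": {"J": [], "R": [], "M": []}, "passed": None, "others_pass": False,
             "redirect": redirect, "options": decode_filter_options(options)}
    if len(rule_segs) == 1 and rule_segs[0].startswith("Rule"):
        entry["rule"] = rule_segs[0]
    elif len(rule_segs) == 3:  # port specification, category commands, filter mode
        entry["ports"], cat_spec, entry["mode"] = rule_segs  # ports and mode are not defined on the page
        entry["categories"], entry["passed"], entry["others_pass"] = parse_category_commands(cat_spec)
    else:
        raise ValueError(f"unrecognised rule section {rule_segs!r}")
    return entry

def parse_quota_line(line):
    """One line of quota.conf: DN, a Tab, overall minutes, then CATEGORY:minutes pairs."""
    fields = re.split(r"\t+", line.strip(), maxsplit=1)
    if len(fields) != 2:
        raise ValueError(f"quota line needs a Tab between the DN and the quota: {line!r}")
    overall, *per_cat = [s.strip() for s in fields[1].split(",")]
    minutes = {}
    for item in per_cat:
        cat, sep, mins = item.partition(":")
        if not sep or not mins.strip().isdigit():
            raise ValueError(f"bad category quota {item!r}")
        minutes[cat.strip()] = int(mins)
    return {"dn": parse_dn(fields[0]), "overall_minutes": int(overall), "category_minutes": minutes}

# Sample lines constructed from the page's examples; the quota line uses a real Tab.
SAMPLE_PROFILE_LINES = [
    "CN=R3KWRK1, CN=Computers, DC=logo, DC=net; R 21 A, J R KDPORN GPORN M PASSED I, 1, , 0x1",
    "CN=WIN2000-79AHM, OU=Domain Controllers, DC=logo, DC=net; Rule0, , 0x1306",
    "CN=Public\\, Joe Q., OU=Users, OU=Sales, DC=qc, DC=local; Rule1, , 0x1",
]
SAMPLE_QUOTA_LINE = "CN=Joe Smith, CN=Users, DC=tc, DC=local\t0, PARNML:5, RELIG:10"
```

Running `parse_profile_line` over SAMPLE_PROFILE_LINES and `parse_quota_line` over SAMPLE_QUOTA_LINE returns the parsed records; a malformed line raises ValueError with the offending field, which is preferable to silently applying a looser profile than intended. Because the parser splits the rule section on commas, a redirect URL containing a comma cannot be represented in this format; keep such URLs out of the profile files.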





© Trustwave. All rights reserved.