I un­der­stand them now :-)

Ap­par­ent­ly, the poster wants to use au­then­ti­ca­tion on Squid against a LDAP server, and use LDAP groups to de­cide whether the us­er is al­lowed or de­nied.

Ap­par­ent­ly, there is no way to do that with Squid it­self. But it sounds like a sim­ple thing to do us­ing an ex­ter­nal pro­gram.

Who knows, I may write it, too ;-)

Oth­er com­ments showed con­cern about this pass­ing clear­t­ext pass­word­s. That is true. Sim­ple mod­i­fi­ca­tions to the scripts should pre­vent the POP3 or IMAP ac­cess from do­ing that, but I know no way to make Squid use an en­crypt­ed link for the au­then­ti­ca­tion (At least not with­out us­ing Squid v3).