RE: LDAP authentication with Squid

From: Sparks, Alan <>
Date: Mon, 6 Jul 1998 10:14:19 -0700

I've implemented LDAP authentication on both 1.1.20 and 1.2b22... the
former using a patch by Clayton Donley, the latter using the external
proxy_auth patch. I really like the latter (short of the IE4 hang I've
been recently speaking of).

The LDAP auth works basically by taking the user-supplied username and
password, and attempting to a) look up the DN of the user having a UID
attribute equal to the supplied username, and b) bind to the LDAP
server as that DN using the supplied password. The password is
normally maintained in the entry's userpassword attribute. If the bind
succeeds, cool.

I wrote a small C program to go with the proxy_auth patch to implement
the auth server, but it could easily be accomplished using a small Perl
program instead.

The LDAP traffic is minimal, 'cuz Squid caches the results of auth
lookups. It's generally quite fast, too.

The patch and supporting doc for 1.2b22 is at The patch for 1.1.20
is at

It's all quite easy to implement, and has been quite effective here.
The stuff works well with IE3/4 and NS 3/4... The effect to the user is
a dialog box asking for username/password pops up the first time in the
session the user attempts to access the proxy. The username/password
stuff is thereafter cached for the session by the browser, so the user
need not re-authenticate for the duration of the session.

Hope this helps.

-----Original Message-----
From: []
Sent: Monday, July 06, 1998 1:44 AM
Subject: LDAP authentication with Squid


Over time I've seen a few references on here to LDAP authentication; and
I've looked at the available patch to do the job. Now, suddenly, I've
handed a requirement to implement same; with instructions to replace
with Netscape Proxy to permit integration with Netscape directory

Clearly, I don't want to do this. I've been researching LDAP most of the
afternoon, but I have yet to find the answer to my most fundamental

** How does LDAP authentication _work_? ** That is, what does the user
What is the dialogue between servers? What changes have to be made to
to get all this to happen?

Can anyone point me in the direction of a good webpage/FAQ describing
ins and outs of authenticating users at a proxy server using an LDAP
directory? Is it really feasible at all? Should I just bite the bullet
go for Netscrape Proxy?


Richard Stagg
Received on Mon Jul 06 1998 - 10:15:15 MDT
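
The search-then-bind flow described in the reply above, as an added example that is not part of the original thread or of the patches it mentions. It adds two checks a helper of this kind needs: escaping the username before it goes into the search filter, and refusing empty passwords. `FakeDirectory`, its entries, the base DN and all function names are hypothetical; a real helper would call an LDAP client library in its place.

```python
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape RFC 4515 special characters so input cannot change the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def authenticate(directory, base_dn, username, password):
    """Search-then-bind: True only if one DN matches and a bind as it succeeds."""
    # A simple bind with an empty password is an unauthenticated bind
    # (RFC 4513 section 5.1.2) and may "succeed", so refuse it up front.
    if not username or not password:
        return False
    # Step a) find the DN whose uid attribute equals the supplied username.
    dns = directory.search(base_dn, "(uid=%s)" % escape_filter_value(username))
    if len(dns) != 1:  # unknown user or ambiguous match
        return False
    # Step b) bind as that DN with the supplied password.
    return directory.simple_bind(dns[0], password)


class FakeDirectory:
    """In-memory stand-in for an LDAP server (constructed sample data)."""

    def __init__(self, entries):
        self.entries = entries  # {dn: (uid, userpassword)}

    def search(self, base_dn, ldap_filter):
        if ldap_filter == "(uid=*)":  # presence filter matches every entry
            return [dn for dn in self.entries if dn.endswith(base_dn)]
        return [dn for dn, (uid, _) in self.entries.items()
                if dn.endswith(base_dn)
                and ldap_filter == "(uid=%s)" % escape_filter_value(uid)]

    def simple_bind(self, dn, password):
        if password == "":  # mimics a server that accepts unauthenticated binds
            return True
        return self.entries[dn][1] == password


DIRECTORY = FakeDirectory({
    "uid=asmith,ou=people,dc=example,dc=com": ("asmith", "correct horse"),
    "uid=bjones,ou=people,dc=example,dc=com": ("bjones", "battery staple"),
})
BASE_DN = "ou=people,dc=example,dc=com"

if __name__ == "__main__":
    for user, pw in [("asmith", "correct horse"), ("asmith", ""), ("*", "x")]:
        print(repr(user), authenticate(DIRECTORY, BASE_DN, user, pw))
```

The fake server accepts an empty-password bind on purpose, so the example shows that the rejection has to happen in the helper before the bind is attempted.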
