Re: [squid-users] squid with ldap authentication

From: VAIBHAV NALDURGKAR <vaibhav.naldurgkar@dont-contact.us>
Date: Mon, 8 May 2006 18:03:58 +0530

Here we go

Squid Authentication over LDAP (ADS 2003)

Software:
1. Squid Cache: Version 2.5.STABLE1
Compiled with --enable-basic-auth-helpers=LDAP
2. squid_ldap_auth (this program most of the time get installed with
installation of squid)
3. An installed windows 2003 LDAP server

In order to get the LDAP authentication we need to have at least the
read privileges of a user to read the stuff from the LDAP server. It
is also very required to know the search filter for the LDAP server.
In order to get the LDAP authentication functioning, one need to
update auth_param parameter of /etc/squid/squid.conf file.

/etc/squid/squid.conf
------------------------------------------------------------------------------------------------------
auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b
"DC=xyz,DC=co,DC=in" -D "cn=binduserid,cn=users,dc=xyz,dc=co,dc=in" -w
"password" -f "(&(|(objectCategory=group)(objectCategory=person))(&(sAMAccountName=%s)))"
 -h 192.168.x.x
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

1. 192.168.x.x is the ip of LDAP server and
2. "(&(|(objectCategory=group)(objectCategory=person))(&(sAMAccountName=%s)))"
  is search filter

Incase of any peer server one may use cache_peer parameter to do the
forwarding. For e.g. If the main proxy is proxy.xyz.co.in than
cache_peer would be

cache_peer proxy.xyz.co.in parent 80 3130 proxy-only

On 5/8/06, Om <omprakash@effigent.net> wrote:
> Hi Vaibhav,
> Thanks for your mail.
> If you have configured squid with LDAP authentication,
> can you provide me any resources for that.
>
> Thanks,
> Omprakash,
> Effigent India Pvt Ltd,
> Hyderabad.
> VAIBHAV NALDURGKAR wrote:
> > Hi,
> >
> > After configuring squid with LDAP support it always pop up the user
> > name and pssword window for authentication but if you configured
> > squid with NTLM support the authentication will be transparent to the
> > users.
> >
> >
> > Regards,
> >
> >
> > Vaibhav
> >
> > On 5/2/06, Om <omprakash@effigent.net> wrote:
> >> Hi Friends,
> >> Currently i am using ip address based acls to provide internet access to
> >> the users in my company.
> >> Recently we have installed LDAP-V 3.
> >> Now I would like to provide internet access based on the LDAP-
> >> authentication.
> >> Can anybody suggest me how to go about it.
> >>
> >> Thanks,
> >> Om.
> >>
> >
> >
>
>
Received on Mon May 08 2006 - 06:34:02 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Jun 01 2006 - 12:00:02 MDT