Here we go

Squid Authentication over LDAP (ADS 2003)

Software:
1. Squid Cache: Version 2.5.STABLE1, compiled with --enable-basic-auth-helpers=LDAP
2. squid_ldap_auth (this program most of the time gets installed with the installation of squid)
3. An installed Windows 2003 LDAP server

In order to get the LDAP authentication we need to have at least the read privileges of a user to read the stuff from the LDAP server. It is also required to know the search filter for the LDAP server.

In order to get the LDAP authentication functioning, one needs to update the auth_param parameter of the /etc/squid/squid.conf file.

/etc/squid/squid.conf
------------------------------------------------------------------------------------------------------
auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "DC=xyz,DC=co,DC=in" -D "cn=binduserid,cn=users,dc=xyz,dc=co,dc=in" -w "password" -f "(&(|(objectCategory=group)(objectCategory=person))(&(sAMAccountName=%s)))" -h 192.168.x.x
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

1. 192.168.x.x is the IP of the LDAP server, and
2. "(&(|(objectCategory=group)(objectCategory=person))(&(sAMAccountName=%s)))" is the search filter.

In case of any peer server one may use the cache_peer parameter to do the forwarding. For e.g. if the main proxy is proxy.xyz.co.in then cache_peer would be

cache_peer proxy.xyz.co.in parent 80 3130 proxy-only

On 5/8/06, Om <omprakash@xxxxxxxxxxxx> wrote:
Hi Vaibhav,

Thanks for your mail.
If you have configured squid with LDAP authentication, can you provide me any resources for that?

Thanks,
Omprakash,
Effigent India Pvt Ltd,
Hyderabad.

VAIBHAV NALDURGKAR wrote:
> Hi,
>
> After configuring squid with LDAP support it always pops up the user
> name and password window for authentication but if you configured
> squid with NTLM support the authentication will be transparent to the
> users.
>
>
> Regards,
>
>
> Vaibhav
>
> On 5/2/06, Om <omprakash@xxxxxxxxxxxx> wrote:
>> Hi Friends,
>> Currently I am using ip address based acls to provide internet access to
>> the users in my company.
>> Recently we have installed LDAP-V 3.
>> Now I would like to provide internet access based on the LDAP-
>> authentication.
>> Can anybody suggest me how to go about it.
>>
>> Thanks,
>> Om.
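
The request handling that a basic-auth helper like the squid_ldap_auth line in this thread has to get right, as an added Python example that is not part of the thread and not squid_ldap_auth's own code: it expands the %s search filter with RFC 4515 escaping and refuses empty passwords, since an empty-password simple bind is an unauthenticated bind that a directory may accept. Assumptions: Squid sends one URL-encoded "username password" line per request and expects OK or ERR; fake_bind and the sample account are constructed stand-ins for the LDAP server.

```python
# Added example: the decision logic of a Squid basic-auth helper, modelled offline.
from urllib.parse import unquote

# Search filter from the squid.conf in this thread; %s is replaced by the login name.
FILTER = "(&(|(objectCategory=group)(objectCategory=person))(&(sAMAccountName=%s)))"

# RFC 4515: these characters must be escaped as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def expand_filter(template, username):
    return template.replace("%s", escape_filter_value(username))

def handle_line(line, bind_as_user):
    """Return "OK" or "ERR" for one "username password" helper request line.

    bind_as_user(filter, password) -> bool is a hypothetical stand-in for the
    LDAP search plus simple bind, so the example runs without a directory.
    """
    parts = line.rstrip("\r\n").split(" ", 1)
    if len(parts) != 2:
        return "ERR"
    username, password = unquote(parts[0]), unquote(parts[1])
    # A simple bind with an empty password is an unauthenticated bind and may
    # succeed on the server, so reject it before touching LDAP.
    if not username or not password:
        return "ERR"
    ok = bind_as_user(expand_filter(FILTER, username), password)
    return "OK" if ok else "ERR"

# Constructed sample directory: one account, keyed by the exact expanded filter.
_DIRECTORY = {expand_filter(FILTER, "om"): "s3cret pass"}

def fake_bind(ldap_filter, password):
    # Models a server that accepts an empty-password (unauthenticated) bind.
    if password == "":
        return True
    return _DIRECTORY.get(ldap_filter) == password

if __name__ == "__main__":
    for req in ["om s3cret%20pass", "om wrong", "om ", "* s3cret%20pass"]:
        print(repr(req), "->", handle_line(req, fake_bind))
```

The same request lines can be typed at a real helper started by hand from a shell to confirm it answers ERR for an empty password and for a login name containing filter metacharacters.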