15.12.2016 20:29, Bryan Peters пишет:
My Google-fu seems to be
coming up short.
We have an application that
ties into our users SSO/LDAP servers. We, don't run an
LDAP server of our own, we're just making outbound calls
to their LDAP servers.
I would like to proxy all
outbound LDAP calls through Squid to get around some
limitations of AWS and our customers need to whitelist
an IP. (AWS load balancers don't have static IPs, some
of our customers won't whitelist FQDNs in their
firewall).
Getting the traffic from our
app server(s) to the Squid box hasn't been much of a
problem. I'm using Iptables/NAT to accomplish this.
TCPdump on the Squid machine sees traffic coming in on
3128.
I've added 389 as a 'safe
port' in the squid config, created ACLs that allow the
network the traffic is coming in on. Yet squid never
grabs the traffic and does anything with it. The logs
don't get updated at all.
Am I incorrect about Squid
being able to proxy LDAP traffic?
Exactly. By definition, squid is only HTTP proxy. Initially.
Modern versions supports also HTTPS (with restrictions) and FTP
(with restrictions).
Googling for this is sort of
maddening as all forums, mailing lists, FAQs and
documentation continues to come up for doing LDAP auth
on a Squid machine, which isn't what I'm looking for at
all.
Condolences. Thing you want is not possible by Squid.
Any help you can give would
be appreciated.
It can not help the fact that the product is not as a class. Squid -
no proxy all protocols in the world. Although it would not prevent
the availability of support for some of them - and it is certainly
not FTP (FTP - in 2016 the year indeed! :))
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
--
Cats - delicious. You just do not know how to cook them.
|
Attachment:
0x613DEC46.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users