Re: Squid Forward Proxy for LDAP

Yuri Voinov <yvoinov@xxxxxxxxx> · Fri, 16 Dec 2016 03:20:56 +0600



    15.12.2016 20:29, Bryan Peters пишет:

    
            My Google-fu seems to be
                coming up short.
              

              We have an application that
                ties into our users SSO/LDAP servers.  We, don't run an
                LDAP server of our own, we're just making outbound calls
                to their LDAP servers.
              

              I would like to proxy all
                outbound LDAP calls through Squid to get around some
                limitations of AWS and our customers need to whitelist
                an IP. (AWS load balancers don't have static IPs, some
                of our customers won't whitelist FQDNs in their
                firewall).
              

              Getting the traffic from our
                app server(s) to the Squid box hasn't been much of a
                problem.  I'm using Iptables/NAT to accomplish this.  
                TCPdump on the Squid machine sees  traffic coming in on
                3128.
              

              I've added 389 as a 'safe
                port' in the squid config, created ACLs that allow the
                network the traffic is coming in on.  Yet squid never
                grabs the traffic and does anything with it.  The logs
                don't get updated at all.
              

              Am I incorrect about Squid
                being able to proxy LDAP traffic?   

              
    Exactly. By definition, squid is only HTTP proxy. Initially. 

    Modern versions supports also HTTPS (with restrictions) and FTP
    (with restrictions).

    
              Googling for this is sort of
                maddening as all forums, mailing lists, FAQs and
                documentation continues to come up for doing LDAP auth
                on a Squid machine, which isn't what I'm looking for at
                all.
            
          
    Condolences. Thing you want is not possible by Squid.

    
              Any help you can give would
                be appreciated.
            
          
    It can not help the fact that the product is not as a class. Squid -
    no proxy all protocols in the world. Although it would not prevent
    the availability of support for some of them - and it is certainly
    not FTP (FTP - in 2016 the year indeed! :))

    
                Thanks
              
            
      _______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

    
    -- 

      Cats - delicious. You just do not know how to cook them.
  

Attachment:
0x613DEC46.asc

Description: application/pgp-keys
Attachment:
signature.asc

Description: OpenPGP digital signature
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users