
Configure Squid for LDAP authentication using the squid_ldap_auth helper

What is LDAP?

The directory service model of the LDAP server is based on a worldwide directory model known as LDAP (Lightweight Directory Access Protocol). Both LDAP Version 2 (V2) and LDAP Version 3 (V3) are TCP/IP-based directory service protocols supported by z/OS.

The Lightweight Directory Access Protocol is used by LDAP servers (such as OpenLDAP or others). To use Squid LDAP authentication, use the auth_param option in squid.conf to specify which program to use. You define the program’s name as well as its command-line parameters.

The squid_ldap_auth helper is included with Squid. Squid can connect to an LDAP directory using this helper to validate the user name and password for Basic HTTP authentication. The helper can be found in one of the /usr/local/squid/libexec/, /usr/lib/squid/, or /usr/lib64/squid/ directories.

Step #1: Verify that Squid can communicate with the LDAP server.

Make sure that Squid supports LDAP authentication before configuring it. Run the following command:

# /usr/lib/squid/squid_ldap_auth -b "dc=nixcraft,dc=com" -f "uid=%s" ldap.nixcraft.com

After you press the Enter key, type the UID and password in the following format:
USERID blankspace PASSWORD

You will see “OK” if it can connect to the LDAP server.

Step #2: Configuration

Open your squid.conf file:

# vi /etc/squid/squid.conf

Next, add the following lines, which specify the base DN under which your users are located and the LDAP server name.

auth_param basic program /usr/lib/squid/squid_ldap_auth -b "dc=nixcraft,dc=com" -f "uid=%s" -h ldap.nixcraft.com
acl ldapauth proxy_auth REQUIRED
http_access allow ldapauth
http_access deny all

Save and close the file. Restart Squid to apply the changes.

# /etc/init.d/squid restart
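
The line format typed in Step #1 and the -f filter template set in Step #2, modelled as an added example (this is not code from Squid or from this article). It parses one "USERID PASSWORD" line, escapes the login name per RFC 4515 before expanding %s, refuses empty passwords, and answers OK or ERR. The URL-escaped field encoding, the bind_ok callback and the sample directory are assumptions made for the illustration.

```python
# Added example: a model of the Basic-auth helper line protocol, not Squid's code.
from urllib.parse import unquote

# RFC 4515 escapes for characters that are special inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a user-supplied value before it is placed in an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def build_filter(template, username):
    """Expand the -f template (e.g. "uid=%s") with the escaped login name."""
    return template.replace("%s", escape_filter_value(username))

def parse_request(line):
    """Split one 'USERID PASSWORD' line; fields are assumed to be URL-escaped."""
    user, sep, password = line.rstrip("\r\n").partition(" ")
    if not sep:
        return None
    return unquote(user), unquote(password)

def handle_line(line, template, bind_ok):
    """Return the helper's reply for one request line: "OK" or "ERR".

    bind_ok(search_filter, password) is a hypothetical callback standing in
    for the LDAP search-then-bind that a real helper performs.
    """
    parsed = parse_request(line)
    if parsed is None:
        return "ERR"
    user, password = parsed
    # An empty password turns a simple bind into an unauthenticated bind,
    # which many directories accept, so refuse it before contacting LDAP.
    if not user or not password:
        return "ERR"
    return "OK" if bind_ok(build_filter(template, user), password) else "ERR"

# Constructed sample directory: search filter -> password of the matched entry.
SAMPLE_DIRECTORY = {"uid=alice": "correct horse"}

def sample_bind(search_filter, password):
    return SAMPLE_DIRECTORY.get(search_filter) == password

if __name__ == "__main__":
    for request in ("alice correct%20horse", "alice wrong", "alice ", "* x"):
        print(repr(request), "->", handle_line(request, "uid=%s", sample_bind))
```

Because the login name is escaped before it reaches the filter, a name such as * is searched for literally and cannot widen the match to other entries.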

Zimbra LDAP With Squid

For Zimbra, use the helper as follows:

/usr/lib/squid/squid_ldap_auth -v 3 -b dc=zimbra,dc=example,dc=com -f "(&(uid=%s)(objectClass=zimbraAccount))" -h zimbra.example.com

Squid authentication against Microsoft’s Active Directory

I’ve never used the group LDAP auth helper with Microsoft Active Directory. However, someone (a user) suggested the following approach. In squid.conf, add the following configuration directive:

ldap_auth_program /usr/lib/squid/group_ldap_auth -b dc=my-domain,dc=de -h \
server.my-domain.de -p 636 -g distinguishedName -d CN=lookup,OU=Services,\
OU=Users,DC=my-domain,DC=de -w lookup -u cn -m member -o group -S -l \
/var/log/squid/ldaplog

acl ldap_backoffice ldap_auth static 'CN=BackOffice,OU=Groups,dc=my-domain,dc=de'
acl ldap_management ldap_auth static 'CN=Management,OU=Groups,dc=my-domain,dc=de'
acl ldap_it-service ldap_auth static 'CN=IT-Service,OU=Groups,dc=my-domain,dc=de'
acl ldap_development ldap_auth static 'CN=DEVELOPMENT,OU=Groups,dc=my-domain,dc=de'

http_access allow ldap_development
http_access allow ldap_backoffice
http_access allow ldap_management
http_access allow ldap_it-service
http_access deny all

Conclusion

The squid_ldap_auth helper is included with Squid. Squid can connect to an LDAP directory using this helper to validate the user name and password for Basic HTTP authentication.

FAQ

How can I tell if my Squid proxy is up and running?

Set up the client to use the Squid proxy. To see if your proxy server is working, go to Edit -> Preferences -> Advanced -> Network -> Settings, select “Manual proxy setup”, and enter your proxy server IP address and port to be used for all connections.

What is the best way to administer my Squid proxy server?

On Ubuntu, install Squid Proxy:

Step 1: Refresh the software repositories.
Step 2: On Ubuntu, install the Squid package.
Step 3: Configure the Squid proxy server: set up the Squid client, add an ACL for Squid, configure proxy authentication, create a new user with a new password, and block websites with Squid.
Step 4: Work with the Squid service commands.

Written by admin
