Squid with LDAP authentication – CentOS
Here is a quick way to set up a simple web proxy that authenticates users against an LDAP server.
- Squid Install -
(using the rpmforge repository) run 'yum install squid'
- Locate squid_ldap_auth -
locate squid_ldap_auth ==> /usr/lib64/squid/squid_ldap_auth
- Test connection against your LDAP server -
/usr/lib64/squid/squid_ldap_auth -b "dc=alouche,dc=net" -f "uid=%s" -h auth.alouche.net
myUser myPassword
OK
The helper reads a username and password on one line and answers OK, which shows that it can connect to the LDAP server and verify the credentials.
- Edit squid.conf -
Here is part of the configuration I use to set up basic LDAP authentication in Squid:
auth_param basic program /usr/lib64/squid/squid_ldap_auth -b "dc=alouche,dc=net" -f "uid=%s" -h auth.alouche.net
auth_param basic children 30
auth_param basic realm Please authenticate yourself
auth_param basic credentialsttl 1 hours
acl ldapauth proxy_auth REQUIRED
http_access allow ldapauth
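Make sure 'http_access deny all' is still set and has not been deleted. Squid evaluates http_access rules in order and stops at the first match, so 'http_access allow ldapauth' must come before it.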
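To check the rule ordering and the option names before restarting Squid, the following is an added example (not part of the original post or of Squid itself) that lints the authentication part of a squid.conf. The function name, the option whitelist and both sample configurations are assumptions made for the illustration.

```python
# Sample configs below are constructed. KNOWN_BASIC_OPTS is an assumed subset of
# the option names valid after "auth_param basic"; extend it for your Squid version.
KNOWN_BASIC_OPTS = {"program", "children", "realm", "credentialsttl", "casesensitive", "utf8"}

GOOD = """\
auth_param basic program /usr/lib64/squid/squid_ldap_auth -b "dc=example,dc=org" -f "uid=%s" -h ldap.example.org
auth_param basic children 30
auth_param basic credentialsttl 1 hours
acl ldapauth proxy_auth REQUIRED
http_access allow ldapauth
http_access deny all
"""
BAD = """\
auth_param basic credentialttl 1 hours
acl ldapauth proxy_auth REQUIRED
http_access deny all
http_access allow ldapauth
"""

def lint_squid_auth(conf_text):
    """Return a list of findings about the authentication rules in squid.conf text."""
    findings, auth_acls, rules = [], set(), []
    for raw in conf_text.splitlines():
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] == "auth_param" and len(tok) >= 3 and tok[1] == "basic":
            if tok[2] not in KNOWN_BASIC_OPTS:
                findings.append(f"unknown auth_param basic option: {tok[2]}")
        elif tok[0] == "acl" and len(tok) >= 3 and tok[2] == "proxy_auth":
            auth_acls.add(tok[1])
        elif tok[0] == "http_access" and len(tok) >= 3:
            rules.append((tok[1], tok[2:]))  # (allow|deny, acl names) in file order
    if not auth_acls:
        findings.append("no proxy_auth acl defined")
    allow_at = next((i for i, (act, acls) in enumerate(rules)
                     if act == "allow" and auth_acls & set(acls)), None)
    deny_at = [i for i, (act, acls) in enumerate(rules) if act == "deny" and acls == ["all"]]
    if auth_acls and allow_at is None:
        findings.append("proxy_auth acl is not used in any http_access allow rule")
    if not deny_at:
        findings.append("missing 'http_access deny all'")
    elif allow_at is not None and deny_at[0] < allow_at:
        # Rules are checked top to bottom and the first match wins.
        findings.append("'http_access deny all' comes before the authenticated allow rule")
    limit = deny_at[0] if deny_at else len(rules)
    if any(act == "allow" and acls == ["all"] for act, acls in rules[:limit]):
        findings.append("'http_access allow all' lets unauthenticated clients through")
    return findings
```

Call lint_squid_auth(open("/etc/squid/squid.conf").read()) on the live file; an empty list means none of these checks fired.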
- Start Squid -
chkconfig squid on
service squid start
netstat -tupnl ==> should report a socket listening on tcp port 3128
- Next steps -
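Either point your browser at the proxy server, where you will see the authentication prompt for your LDAP username and password, or follow up by setting up an Interception Proxy. Note that proxy authentication does not work for intercepted traffic, because the browser does not know it is talking to a proxy.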
Hope that helped,
Ali