February 20, 2009

Squid with LDAP authentication - CentOS

Here is a quick, easy way to set up a simple web proxy that authenticates against an LDAP server.

  • Squid Install - (using the rpmforge repository) run 'yum install squid'

  • Locate squid_ldap_auth -

locate squid_ldap_auth ==> /usr/lib64/squid/squid_ldap_auth

  • Test connection against your ldap server -

/usr/lib64/squid/squid_ldap_auth -b "dc=alouche,dc=net" -f "uid=%s" -h auth.alouche.net
myUser myPassword
OK

The helper reads the username and password from standard input; the OK reply shows that it could connect to the LDAP server and authenticate the user.

  • Edit squid.conf -

Here is part of the configuration I use to set up basic LDAP authentication in Squid:

auth_param basic program /usr/lib64/squid/squid_ldap_auth -b "dc=alouche,dc=net" -f "uid=%s" -h auth.alouche.net
auth_param basic children 30
auth_param basic realm Please authenticate yourself
auth_param basic credentialsttl 1 hours
acl ldapauth proxy_auth REQUIRED
http_access allow ldapauth

Make sure that 'http_access deny all' is still set as well and has not been deleted.

  • Start Squid -

chkconfig squid on
service squid start

netstat -tupnl ==> should report a socket listening on tcp port 3128

  • Next steps -

Either point your browser at the proxy server, where you will see the authentication prompt for your LDAP username and password, or follow up by setting up an interception proxy.

Hope that helped,

Ali