Configure squid for LDAP authentication using squid_ldap_auth helper
My last post was about Squid proxy authentication using ncsa_auth helper. This time I will show you how to configure squid for LDAP authentication.
The Lightweight Directory Access Protocol, (LDAP) is a networking protocol for querying and modifying directory services running over TCP/IP.
LDAP server (such as OpenLDAP or others) uses the Lightweight Directory Access Protocol. In order to use Squid LDAP authentication you need to tell which program to use with the auth_param option in squid.conf. You specify the name of the program, plus command line options.
Squid comes with squid_ldap_auth helper. This helper allows Squid to connect to a LDAP directory to validate the user name and password of Basic HTTP authentication. This helper is located at /usr/local/squid/libexec/ or /usr/lib/squid or /usr/lib64/squid/ directory.
Step # 1: Make sure squid can talk to LDAP server
Before configuring makes sure that the squid is working with LDAP auth. Type the following command:
# /usr/lib/squid/squid_ldap_auth -b "dc=nixcraft,dc=com" -f "uid=%s" ldap.nixcraft.com
Once you hit enter key you need to provide UID and password using following format:
USERID blankspace PASSWORD
If it was able to connect to LDAP server you will see "ok".
Step # 2: Configuration
Open your squid.conf file:
# vi /etc/squid/squid.conf
Next you need to add following code which specifies the base DN under where your users are located and the LDAP server name.
auth_param basic program /usr/lib/squid/squid_ldap_auth -b "dc=nixcraft,dc=com" -f "uid=%s" -h ldap.nixcraft.com
acl ldapauth proxy_auth REQUIRED
http_access allow ldapauth
http_access deny all
Save and close the file. Restart Squid to take effect.
# /etc/init.d/squid restart
Zimbra LDAP With Squid
You need to use it as follows
/usr/lib/squid/squid_ldap_auth -v 3 -b dc=zimbra,dc=example,dc=com -f "(&(uid=%s)(objectClass=zimbraAccount))" -h zimbra.example.com
Squid authentication against Microsoft's Active Directory
I have not used group_ldap_auth helper against Microsoft's Active Directory. But someone (user) pointed out the following solution. Add following configuration directive to squid.conf:
ldap_auth_program /usr/lib/squid/group_ldap_auth -b dc=my-domain,dc=de -h \ server.my-domain.de -p 636 -g distinguishedName -d CN=lookup,OU=Services,\ OU=Users,DC=my-domain,DC=de -w lookup -u cn -m member -o group -S -l \ /var/log/squid/ldaplog acl ldap_backoffice ldap_auth static 'CN=BackOffice,OU=Groups,dc=my-domain,dc=de' acl ldap_management ldap_auth static 'CN=Management,OU=Groups,dc=my-domain,dc=de' acl ldap_it-service ldap_auth static 'CN=IT-Service,OU=Groups,dc=my-domain,dc=de' acl ldap_development ldap_auth static 'CN=DEVELOPMENT,OU=Groups,dc=my-domain,dc=de' http_access allow ldap_development http_access allow ldap_backoffice http_access allow ldap_management http_access allow ldap_it-service http_access deny all
Further readings
- man squid_ldap_auth
- man group_ldap_auth
Want to stay up to date with the latest Linux tips, news and announcements? Subscribe to our free e-mail newsletter or RSS feed to get all updates.
You can Email this page to a friend.
You may also be interested in other helpful articles:
- Howto Setup Active Directory Authentication With Apache WebServer
- Force OpenSSH (SSHD) to use authentication via LDAP server
- How to configure Ubuntu Linux for Windows Active Directory Authentication
- Howto: Squid proxy authentication using ncsa_auth helper
- How to: Apache authentication using LDAP Server
Discussion on This Article:
Leave a Reply
We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!
Tags: ldap squid, squid authen with ldap, squid authentication with ldap, squid ldap, squid ldap auth, squid ldap authentication, squid+ldap, squid_ldap_auth, unrar linux



Ehi! If you have any problem, start to try with -v 3 instead of ldap version 2.
I could bind to my ldap server in reason of this.
It is a good start this try:
# /usr/lib/squid/ldap_auth -b “dc=mydc” -D cn=admin,dc=mydc -w passwd -H ldap://ldapserver -v 3 -f “uid=%s”
when typed name and password you must see
OK. Be sure to have typed name and password with a blank separator.
byee
IF i configured Active directory Ldap with Squid for authendication than ,how can i block internet access as per user ??? want to block internet access as per user.