CVS: $Id: proxy_auth_ldap.html,v 1.16 2006/05/17 23:09:27 michael Exp $

The original URL is: http://www.stroeder.com/proxy_auth_ldap.html

Table of Contents

Introduction
Requirements
Download
Installing
Related

Introduction

proxy_auth_ldap is a authenticator script for the Squid cache proxy. It was implemented for older versions of Squid which did not have support for HTTP proxy authentication against a user repository accessible via LDAP. Recent versions of Squid have built-in LDAP support. Therefore today you might want to check Squid authentication modules shipped with Squid first before installing this script (see this nice text about "Authentication and Squid").

Requirements

For running this proxy_auth module you need:

Download

© by Michael Ströder

This software including all modules is Open Source and given away under the GPL (GNU GENERAL PUBLIC LICENSE) Version 2.

Download proxy_auth_ldap.py

Installing

  1. Install all required software.
  2. Edit the configuration variables in the script. Read the comments!
  3. Adjust parameter authenticate_program in squid.conf to use this script.
  4. Set up acl of type proxy_auth in squid.conf to make use of proxy authentication:

    proxy_auth ldap_password proxy_auth REQUIRED

    http_access allow ldap_password

    Note: Make sure to have appropriate squid.conf for Squid 2!
Security Note:

Note that passwords are transmitted in cleartext over the network when doing HTTP authentication.

Related

If you're eager using your LDAP host as single sign-on server you might also consider using web2ldap for accessing your LDAP data via WWW and give the users a possibility to change their passwords.