LDAP auth module for Squid


proxy_auth_ldap is a authenticator script for the Squid cache proxy. It was implemented for ancient versions of Squid which did not have support for HTTP proxy authentication against a user repository accessible via LDAP.

Recent versions of Squid have built-in LDAP support. Therefore today you might want to check Squid authentication modules shipped with Squid first before installing this script (see this nice text about "Authentication and Squid").


For running this proxy_auth module you need:


© by Michael Ströder

This software including all modules is free software and given away under the GPL (GNU GENERAL PUBLIC LICENSE) Version 2.

Download proxy_auth_ldap.py


  1. Install all required software.
  2. Edit the configuration variables in the script. Read the comments!
  3. Adjust parameter authenticate_program in squid.conf to use this script.
  4. Set up acl of type proxy_auth in squid.conf to make use of proxy authentication:

    proxy_auth ldap_password proxy_auth REQUIRED

    http_access allow ldap_password

    Note: Make sure to have appropriate squid.conf for Squid 2!
Security Note:

Note that passwords are transmitted in cleartext over the network when doing HTTP authentication.


If you're eager using your LDAP host for central user management you might also consider using web2ldap for maintaining and accessing your LDAP data via WWW and give the users a possibility to change their passwords.