Tuesday, October 6, 2015

squid3 authentication using LDAP as the authentication backend

To set up the LDAP server itself, follow the link below.

***** information *****
ldap server: ldap.ldap.com
ldap basedn: dc=ldap,dc=com
ldap binddn: cn=admin,dc=ldap,dc=com
ldap binddn password: 123
object class to use: posixAccount

1- squid installation
$ sudo apt-get install squid

2- edit the squid configuration file /etc/squid3/squid.conf as below

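# --- Access control lists ---
# The address lists on the next five acl lines were missing from the
# original listing (squid rejects an acl with no values).  The values below
# are squid's stock defaults -- loopback, and the RFC1918 private ranges the
# comments refer to -- and must be adjusted to this deployment's networks.
acl all src all
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8       # RFC1918 possible internal network
acl localnet src 172.16.0.0/12    # RFC1918 possible internal network
acl localnet src 192.168.0.0/16   # RFC1918 possible internal network
acl SSL_ports port 443        # https
acl SSL_ports port 563        # snews
acl SSL_ports port 873        # rsync
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl Safe_ports port 631        # cups
acl Safe_ports port 873        # rsync
acl Safe_ports port 901        # SWAT
acl purge method PURGE
# 'manager' is used by http_access below but is not defined in this listing.
# Older squid3 releases need `acl manager proto cache_object` here; newer
# ones define it built in.  Run `squid3 -k parse` to check the installed
# version accepts the file before starting the service.

# --- LDAP authentication ---
# basic_ldap_auth binds as the bind DN (-D), searches the base DN (-b) for an
# entry matching the filter (-f; %s is the username supplied by the client),
# then binds as that entry with the password the client supplied.
#
# The bind password is read from a file (-W) instead of being passed with
# -w: a -w value sits in squid.conf and in the helper's command line, so it
# is visible to every local user through the process list.  The file holds
# only the password (123 in the information block above), is owned by the
# user squid runs as, and is mode 0600.  The path is an example; adjust it.
#
# If the LDAP server supports TLS, add -Z (STARTTLS) so neither the bind
# password nor the users' passwords cross the network to ldap.ldap.com in
# cleartext.  The example binds as the directory admin; any account that
# can search the base DN is enough, and a read-only one is preferable.
auth_param basic program /usr/lib/squid3/basic_ldap_auth -b dc=ldap,dc=com -h ldap.ldap.com -D cn=admin,dc=ldap,dc=com -W /etc/squid3/ldap_bind_password -f (&(objectclass=posixAccount)(cn=%s))
auth_param basic children 50
auth_param basic realm Web-Proxy
# HTTP Basic credentials are only base64-encoded between client and proxy;
# a validated username:password pair is reused for one minute before the
# helper is asked again.
auth_param basic credentialsttl 1 minute
acl ldap_auth proxy_auth REQUIRED

visible_hostname proxy1

# --- Access rules (first match wins) ---
# The port restrictions are evaluated first.  In the original order
# 'allow localnet ldap_auth' came before 'deny !Safe_ports' and
# 'deny CONNECT !SSL_ports', so any authenticated LAN user could reach
# arbitrary ports through the proxy.  'deny to_localhost' (squid's default
# use of the acl defined above) keeps clients away from services bound to
# the proxy host's loopback.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny to_localhost
http_access allow localnet ldap_auth
http_access allow localhost
http_access deny all

# --- Listener, cache and logging ---
http_port 3128
cache_dir aufs /var/spool/squid3 10000 16 256
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid3/access.log squid
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern (Release|Packages(.gz)*)$    0    20%    2880
refresh_pattern .        0    20%    4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
hosts_file /etc/hosts
coredump_dir /var/spool/squid3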

3- initialize squid and start the service

$ sudo squid3 -z
$ sudo service squid3 start

Configure the client to use the proxy; it will prompt for a username and password when accessing the internet.

