On Monday 18 August 2003 18.40, [EMAIL PROTECTED] wrote:
> Hello all,
>     I'm attempting to set up a httpd_accel squid server to allow
> users from the internet to access one of our intranet servers. 
> Must have secure access via ssl and the users must authenticate
> their userid and password with our ldap server.  I have ssl mode
> reverse proxy working but after having read what I think is every
> ldap post in the archive, I'm still struggling with getting
> squid_ldap_auth to work.
> Squid2.5stable3 freshly compiled on redhat9.
> LotusNotes Domino 5 LDAP server.

If you want authentication in reverse proxy mode you should consider 
using Squid-3.0. A lot easier to configure once you get the 
squid_ldap_auth arguments correct (the squid_ldap_auth arguments 
are the same in both Squid versions).

If you are using Squid-2.5 then there is a hidden define you need to 
set when compiling Squid to enable authentication in reverse proxy 
mode  (-DAUTH_ON_ACCEL).

> Should I configure my ldap server for anonymous access in order
> for squid_ldap_auth to work?

Not strictly needed with any LDAP directory I know of. But if your LDAP 
directory does not allow anonymous searches then you may need to use 
a dummy account for the searches (-D and -W options), and if your 
directory does not allow login over untrusted channels then you may 
need to use TLS or SSL (-Z or -H ldaps://.. options).

> Otherwise, how should I formulate the
> command for squid_ldap_auth to provide the userid and passwd on the
> ldap bind attempt?

This depends on how you want it to operate.

If your user's DN can be directly derived from the login name without 
searching the directory then just specify how squid_ldap_auth should 
construct the DN from the login name (-u and -b options).

If not, you need to give a search filter (-f and -b options) telling 
squid_ldap_auth how to find the user's DN based on the login name.

> Or maybe there is another ldap auth module that
> will work with a ldap server that does not allow anonymous access? 
> One last question: provided squid_ldap_auth works with the ldap
> server that requires users to log on, will it do secure password
> authentication?

For secure HTTP authentication you need to use https://. See the 
https_port directive.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]
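
The options discussed in this reply, put together as a squid.conf fragment. This is an added example, not part of the original message or of the Squid distribution; every path, host name, DN and the search filter are constructed placeholders.

```conf
# Constructed example: paths, host names, DNs and the filter are placeholders.
# Per the reply above, Squid-2.5 must be compiled with -DAUTH_ON_ACCEL for
# authentication to work in reverse proxy (accelerator) mode.

# Accept logins only on the SSL port, so the HTTP Basic credentials are
# encrypted between the browser and the proxy.
https_port 443 cert=/usr/local/squid/etc/proxy-cert.pem key=/usr/local/squid/etc/proxy-key.pem

# Variant A: the directory refuses anonymous searches and the user's DN
# cannot be derived from the login name.
#   -b   search base
#   -f   search filter, %s is replaced by the login name
#   -D   DN of a dummy account used only for the search
#   -W   file holding that account's password (keep it readable by the
#        Squid user only; this keeps the password out of the process list)
#   -H   ldaps:// URI, so search and user binds go over SSL
auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b "o=Example" -f "(uid=%s)" -D "cn=squid-search,o=Example" -W /usr/local/squid/etc/ldap_bind_secret -H ldaps://ldap.example.internal

# Variant B: the DN follows directly from the login name, so no search and
# no dummy account are needed. The helper binds as <attr>=<login>,<base>,
# here uid=<login>,ou=People,o=Example.
#auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b "ou=People,o=Example" -u uid -H ldaps://ldap.example.internal

auth_param basic children 5
auth_param basic realm Intranet
auth_param basic credentialsttl 2 hours

# Require a successful LDAP login for every request; deny everything else.
acl ldap_users proxy_auth REQUIRED
http_access allow ldap_users
http_access deny all
```

The helper arguments can be checked before touching squid.conf by running the same squid_ldap_auth command in a terminal and typing a login name and password separated by a space: the helper answers OK or ERR for each line.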
