We currently are still putting together our reverse proxy configuration. We are comprised of 4 sister companies, who internally can reach each other's private networks. We also have customers and internal employees who need to access web services from the internet.

Currently, we are looking to go with LDAP authentication, as some companies are on Novell with LDAP directories and some are already on Active Directory, with the plan being to eventually have everyone on AD. Current customers are in a separate LDAP directory, located in the DMZ, accessing web servers in the DMZ. Using Squid as a reverse proxy, we plan on moving those web servers to the back-end network. Our infrastructure already includes 3 layers of firewalls, with 2 DMZ zones: public/outer and private/inner.

We have gotten this far, and it works:

Web user --> SSL --> fw --> Squid --> LDAP auth'd --> fw --> Squid --> fw --> back-end network --> web servers
Internal user --> SSL --> Squid --> LDAP auth'd --> same web servers as above

A problem has arisen where Squid LDAP-authenticates via basic auth and then we hit a server that also wants to basic auth, i.e. Outlook Web Access uses basic auth and the version we are on doesn't support form-based authentication. We can't upgrade and are stuck with the current version. One HTTP session = one basic auth. More than one is a violation and not allowed. Squid is not a web server, so I can't picture it using form-based authentication to the LDAP directory.

Thoughts anyone?

Thanks in advance,
Chris Perreault
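An added squid.conf fragment, constructed for illustration and not taken from Chris's setup, showing the reverse-proxy chain described above in Squid 2.6/3.x accelerator syntax: TLS terminated on Squid, Basic auth checked against the DMZ LDAP directory, and the Outlook Web Access origin reached as a cache_peer. Hostnames, certificate paths, the helper path and the LDAP base DN are assumptions.

```squid
# Constructed example squid.conf fragment (not the poster's configuration).
# Public listener in accelerator (reverse proxy) mode; TLS is terminated here.
https_port 443 accel defaultsite=owa.example.com cert=/etc/squid/owa.pem key=/etc/squid/owa.key

# Basic auth checked against the customer LDAP directory in the DMZ.
# Helper name depends on Squid version: squid_ldap_auth (2.x) or basic_ldap_auth (3.2+).
auth_param basic program /usr/lib/squid/basic_ldap_auth -b "ou=customers,dc=example,dc=com" -f "(uid=%s)" -h ldap.dmz.example.com
auth_param basic realm Customer web services
auth_param basic credentialsttl 2 hours

# Only authenticated users may reach the OWA site through this proxy.
acl owa_site dstdomain owa.example.com
acl owa_users proxy_auth REQUIRED

# Origin server on the back-end network, behind the inner firewall.
# login=PASS forwards the client's Authorization header to the origin unchanged,
# so OWA sees the same Basic credentials Squid just verified against LDAP.
cache_peer owa-backend.internal.example.com parent 80 0 no-query originserver login=PASS name=owa
cache_peer_access owa allow owa_site
cache_peer_access owa deny all

http_access allow owa_site owa_users
http_access deny all
```

In accelerator mode Squid challenges with the same WWW-Authenticate/Authorization header pair the origin uses, so there is only one set of Basic credentials on the wire and login=PASS hands them to OWA. That only succeeds when the LDAP directory and the Exchange domain accept the same username and password; if they differ, OWA rejects the forwarded credentials and the user sees a second 401.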
