How to Configure Squid to use LDAP for User Log In

End users need to log into the proxy to get to the internet. How do I configure Squid to use LDAP for User verification?

Squid needs to know which authentication method to use for user verification and log in. Adding the following lines to squid.conf will require users to log in:

auth_param basic program /usr/sbin/squid_ldap_auth -b "LDAP DN" -f "uid=%s" -h host.domain.com auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours auth_param basic casesensitive off acl ldapauth proxy_auth REQUIRED http_access allow ldapauth http_access deny !ldapauth

This section must go below:

# # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS #

Note:

Make sure that /usr/sbin/squid_ldap_auth is the correct location of that binary file. Enter in the LDAP DN for your LDAP Server. Specify the IP/Hostname of the LDAP server which Squid will use. The text "Squid proxy-caching web server" Is the prompt that end users will see when they try to access the internet.

For more information on configuring your Squid Proxy server, visit http://www.squid-cache.org

This article was originally published in the GWAVA knowledgebase as article ID 2098.