The Bynari Insight Server contains an LDAP Database for all of its users.
We can tell squid to use this LDAP database to authenticate proxy-based users.
We can use the squid LDAP authentication helper, /usr/lib/squid/squid_ldap_auth. It works fine and can be set up for either anonymous or authenticated access to the LDAP database. The preferred method is authenticated access, as below, with the bind password held in a file protected by appropriate permissions.
Make the squid.conf file use the ldap auth module
# vi /etc/squid/squid.conf
In the Authentication Programs Section add the line...
auth_param basic program /usr/lib/squid/squid_ldap_auth -d -b o=bhaustralia.com.au -u login -D cn=manager -f "(login=%s)" -W /etc/squid/auth/secret 127.0.0.1:389
Of course, change your DN (o=<organisationname>) as appropriate. Also note the "-W" parameter, which points at the secret file holding the bind password rather than putting the password on the command line. Then you will of course need an ACL...
acl password proxy_auth REQUIRED
Then an appropriate allow rule...
http_access allow password
Save and quit.
# service squid restart
Make sure that you create the secret file so that it is readable and accessible only by squid.
[root@victoria ~]# ls -la /etc/squid/auth
total 40
drwxr-x--- 2 root  squid 4096 Dec 12 14:17 .
drwxr-xr-x 3 root  root  4096 Dec 12 14:08 ..
-r-xr-x--- 1 squid root     7 Dec 12 14:01 secret
The entry in the secret file should be a single line containing the password. Done.
For testing you can run the helper manually:
# /usr/lib/squid/squid_ldap_auth -d -b o=bhaustralia.com.au -u login -D cn=manager -f "(login=%s)" -W /etc/squid/auth/secret 127.0.0.1:389
You will see a blank line where you enter the username and password, like below:
user pass
You will get either ERR or OK. Press Ctrl-C to quit.
You could also test querying your LDAP server using:
# ldapsearch -x -h 127.0.0.1 -b o="CompanyName Pty Ltd"
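The two manual checks above (secret file permissions, and feeding a "user pass" line to the helper) can be scripted. The following is an added example, not part of the original page or of Squid; it assumes GNU coreutils (stat -c) and the paths used on this page, all of which can be overridden through the environment.

```shell
#!/bin/sh
# Added example, not from the original page: sanity checks for the squid_ldap_auth setup.
# Assumes GNU coreutils (stat -c) and the paths used above; override via the environment.
HELPER="${HELPER:-/usr/lib/squid/squid_ldap_auth}"
SECRET="${SECRET:-/etc/squid/auth/secret}"
BASE_DN="${BASE_DN:-o=bhaustralia.com.au}"   # change to your own DN
BIND_DN="${BIND_DN:-cn=manager}"
LDAP_HOST="${LDAP_HOST:-127.0.0.1:389}"

# check_secret_file FILE: returns 0 if FILE holds exactly one non-empty line and grants
# nothing to "other" (last octal digit of its mode is 0); otherwise 1 with a reason.
check_secret_file() {
    f="$1"
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    mode=$(stat -c '%a' "$f")
    case "$mode" in
        *0) ;;
        *)  echo "world-accessible mode $mode: $f" >&2; return 1 ;;
    esac
    lines=$(awk 'END { print NR }' "$f")
    [ "$lines" -eq 1 ] || { echo "expected one line, found $lines: $f" >&2; return 1; }
    [ -n "$(head -n 1 "$f")" ] || { echo "empty secret: $f" >&2; return 1; }
    return 0
}

# helper_verdict REPLY: returns 0 if the first word of the helper's reply is OK,
# 1 for ERR or anything else. The helper answers one line per credential line it reads.
helper_verdict() {
    case "$(printf '%s\n' "$1" | head -n 1)" in
        OK|OK\ *) return 0 ;;
        *)        return 1 ;;
    esac
}

# probe_auth USER PASS: feed one "user pass" line to the helper, as the manual test on
# this page does, and return its verdict. (-d is omitted here; stderr is discarded.)
probe_auth() {
    reply=$(printf '%s %s\n' "$1" "$2" | \
        "$HELPER" -b "$BASE_DN" -u login -D "$BIND_DN" -f "(login=%s)" \
                  -W "$SECRET" "$LDAP_HOST" 2>/dev/null)
    helper_verdict "$reply"
}
```

Run check_secret_file "$SECRET" after creating the file, and probe_auth with a known-good and a known-bad password to confirm the helper answers OK and ERR respectively.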
Of course, if you choose to go for anonymous access you will need to reconfigure it in Bynari. See this article for how to achieve this.