    SquidGuard ldap user acl

    • deepak727

      Dear Members,

      Greetings of New Year,

      I am using pfSense 2.4.4-RELEASE-p3 as firewall and proxy server and Zentyal 6 as my Active Directory.

      I have successfully integrated Squid with my Active Directory (Linux AD, i.e. Zentyal 6) using LDAP authentication; below are the configuration parameters.

      Authentication Method : LDAP
      Authentication Server : 192.168.3.1
      Authentication server port : 389
      LDAP Version : 2
      LDAP Server User DN : CN=Administrator,CN=Users,DC=pe,DC=com
      LDAP Base Domain : DC=pe,DC=com
      LDAP Username DN Attribute : sAMAccountName
      LDAP Search Filter : (sAMAccountName=%s)

      I can successfully authenticate the users with the above settings.

      Apart from that, I want group-based ACLs in SquidGuard with the following settings.

      On main page

      Enable Ldap Filter = Checked
      Ldap DN = cn=squid,dc=pe,dc=com
      LDAP DN Password = password of user squid
      Strip NT domain name = Checked
      Strip Kerberos Realm = Checked
      LDAP Version = 2

      In the Group filter I have created an HOD group and am using ldapusersearch as follows.

      ldapusersearch ldap://192.168.3.1:3268/DC=pe,DC=com?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=CN=HOD%2cOU=HOD%2cDC=pe%2cDC=com))

      Which means if an authenticated user is the member of HOD in AD then it will use the HOD group filter in SquidGuard. (Please correct me if I am wrong here.)

      But my HOD users' requests are still going through the Common ACL.

      Please suggest what is wrong in my configuration.

      • stephenw10 Netgate Administrator

        I would certainly expect that to work, or that approach at least, as long as that user really is in that group and LDAP is returning it.
        Check the logs.

        Steve
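
To check whether LDAP returns the user for the HOD filter, the following added example (not part of either post, and not SquidGuard's own code) expands the `ldapusersearch` line for one user and builds the matching OpenLDAP `ldapsearch` command. It assumes the line follows the usual LDAP URL layout (host:port/base?attribute?scope?filter) with `%s` standing for the user name; the function names and the user `jdoe` are hypothetical.

```python
from urllib.parse import unquote

def expand_ldapusersearch(url, username):
    """Split an ldapusersearch URL and fill in %s for one user name."""
    # Mirror the two "Strip" options from the post: DOMAIN\user and user@REALM
    # (an approximation, assumed here for testing purposes).
    user = username.split("\\")[-1].split("@")[0]
    # Escape RFC 4515 filter metacharacters (backslash first) so a crafted
    # name cannot change the meaning of the filter.
    for ch in "\\*()\x00":
        user = user.replace(ch, "\\%02x" % ord(ch))
    hostport, _, tail = url.split("://", 1)[1].partition("/")
    parts = tail.split("?", 3)
    if len(parts) != 4:
        raise ValueError("expected base?attribute?scope?filter")
    # Percent-decoding turns %2c into a comma; "%s" is not valid hex and survives.
    base, attr, scope, flt = (unquote(p) for p in parts)
    host, _, port = hostport.partition(":")
    return {
        "host": host, "port": int(port or 389), "base": base,
        "attribute": attr, "scope": scope,
        "filter": flt.replace("%s", user),
    }

def ldapsearch_argv(q, bind_dn):
    """OpenLDAP ldapsearch arguments that repeat the same lookup by hand."""
    return ["ldapsearch", "-x", "-H", "ldap://%s:%d" % (q["host"], q["port"]),
            "-D", bind_dn, "-W", "-b", q["base"], "-s", q["scope"],
            q["filter"], q["attribute"]]

# The ldapusersearch value from the post; the user name below is constructed.
URL = ("ldap://192.168.3.1:3268/DC=pe,DC=com?sAMAccountName?sub?"
       "(&(sAMAccountName=%s)(memberOf=CN=HOD%2cOU=HOD%2cDC=pe%2cDC=com))")

if __name__ == "__main__":
    q = expand_ldapusersearch(URL, "PE\\jdoe")
    print(q["filter"])
    print(" ".join(ldapsearch_argv(q, "cn=squid,dc=pe,dc=com")))
```

If the printed command, run with the same bind DN, returns no entry for a user who should be in HOD, the mismatch is in the directory data or the filter (group DN, membership) rather than in the SquidGuard ACL.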
