Squid and LDAP

  • Hi

    I'm configuring a new install of pfSense and Squid. I have authentication working against a Windows 2003 AD server.

    I want to only allow some of my AD users access to the internet. I have been using IPcop which allows you to specify a group "Internet Users" in AD. So only users that are members of this group can browse.

    Is there a way to set this up in the Squid Proxy Server Authentication page? Or maybe there is another way to achieve this.

    I'm wondering if I could use the "LDAP username DN attribute" or "LDAP search filter" input fields to achieve this.

    Any ideas?

    Thanks for your help

  • Got this sorted out with a nicely constructed search string in the LDAP search filter field, happy to give the solution if anyone needs it.

  • That's a nice piece of info… always better to know when you do not need it than otherwise.
    Could you post it here?

  • Here is the filter, I have a group in AD for internet users. I have no idea if this is the best way to do this.

    (&(sAMAccountName=%s)(memberof:1.2.840.113556.1.4.1941:=CN=Group for internet users,CN=Users,DC=yourdomain,DC=yourdomain,DC=yourdomain))
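
What the `1.2.840.113556.1.4.1941` matching rule in the filter above does, as an added example that is not part of the original posts: it is Active Directory's LDAP_MATCHING_RULE_IN_CHAIN, which matches membership through nested groups as well as direct membership. The directory data, DNs and helper names below are constructed for illustration, and the login is escaped per RFC 4515 before it replaces `%s`.

```python
# Added illustration; all DNs and memberships below are constructed sample data.
IN_CHAIN = "1.2.840.113556.1.4.1941"  # LDAP_MATCHING_RULE_IN_CHAIN

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(login, group_dn):
    """Hypothetical helper: the filter from the post with %s filled in."""
    return "(&(sAMAccountName=%s)(memberof:%s:=%s))" % (
        escape_filter_value(login), IN_CHAIN, escape_filter_value(group_dn))

def member_in_chain(entry_dn, group_dn, member_of):
    """True if entry_dn is in group_dn directly or through nested groups.

    member_of maps a DN to the groups listed in its memberOf attribute.
    The seen set stops the walk from looping on circular group nesting.
    """
    seen, stack = set(), [entry_dn]
    while stack:
        dn = stack.pop()
        for parent in member_of.get(dn, ()):
            if parent.lower() == group_dn.lower():
                return True
            if parent not in seen:
                seen.add(parent)
                stack.append(parent)
    return False

BASE = "CN=Users,DC=example,DC=test"
GROUP = "CN=Group for internet users," + BASE
STAFF = "CN=Staff," + BASE
ALICE = "CN=alice," + BASE   # member of Staff, which is nested in GROUP
BOB = "CN=bob," + BASE       # member of an unrelated group only
MEMBER_OF = {
    ALICE: [STAFF],
    STAFF: [GROUP],
    BOB: ["CN=Contractors," + BASE],
}

if __name__ == "__main__":
    print(build_filter("alice", GROUP))
    for dn in (ALICE, BOB):
        direct = GROUP in MEMBER_OF.get(dn, [])
        print(dn, "direct:", direct, "in chain:", member_in_chain(dn, GROUP, MEMBER_OF))
```

A plain `(memberOf=<group DN>)` clause would reject alice here, because her only direct group is Staff; the in-chain rule is what lets nested groups grant access.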

  • Can you send a screenshot of your squid ldap tab to help people who search the forum?

  • Oh yeah this is related to an earlier post:


    The complete config for the Squid Proxy Server Authentication page can be found in the post.
