Squid and LDAP



  • Hi

    I'm configuring a new install of pfsense and squid. I have authentication working against a windows 2003 AD server.

    I want to only allow some of my AD users access to the internet. I have been using IPcop which allows you to specify a group "Internet Users" in AD. So only users that are members of this group can browse.

    Is there a way to set this up in the Squid Proxy Server Authentication page? Or maybe there is another way to achieve this.

    I'm wondering if I could use the "LDAP username DN attribute" or "LDAP search filter" input fields to achieve this.

    Any ideas?

    Thanks for your help



  • Got this sorted out with a nicely constructed search string in the LDAP search filter field, happy to give the solution if anyone needs it.



  • That's a nice piece of info… always better to know when you do not need it than otherwise.
    ;)
    Could you post it here?

    Thanks

    Jáder



  • Here is the filter, I have a group in AD for internet users. I have no idea if this is the best way to do this.

    (&(sAMAccountName=%s)(memberof:1.2.840.113556.1.4.1941:=CN=Group for internet users,CN=Users,DC=yourdomain,DC=yourdomain,DC=yourdomain))
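
Added example, not part of the original post or the poster's configuration: the OID in the filter above is Active Directory's LDAP_MATCHING_RULE_IN_CHAIN, which matches nested (transitive) group membership, whereas a plain `memberOf=` test only matches direct members. The sketch builds the same filter for one user with RFC 4515 escaping, for testing it outside Squid, and models the direct versus in-chain difference on a constructed directory; all DNs, the `example.test` domain and the function names are assumptions.

```python
IN_CHAIN = "1.2.840.113556.1.4.1941"  # LDAP_MATCHING_RULE_IN_CHAIN, as in the filter above
GROUP = "CN=Internet Users,CN=Users,DC=example,DC=test"  # constructed group DN

def escape_filter_value(value):
    """Escape filter metacharacters in an assertion value (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def build_filter(username, group_dn=GROUP):
    """Fill in the thread's filter the way %s is substituted for one user."""
    return "(&(sAMAccountName=%s)(memberof:%s:=%s))" % (
        escape_filter_value(username), IN_CHAIN, escape_filter_value(group_dn))

# Constructed sample directory: DN -> groups it is a *direct* member of.
# Real AD compares DNs case-insensitively; exact match keeps the sketch short.
MEMBER_OF = {
    "CN=alice,CN=Users,DC=example,DC=test": [GROUP],
    "CN=bob,CN=Users,DC=example,DC=test": ["CN=Sales,CN=Users,DC=example,DC=test"],
    "CN=Sales,CN=Users,DC=example,DC=test": [GROUP],
    "CN=carol,CN=Users,DC=example,DC=test": ["CN=Finance,CN=Users,DC=example,DC=test"],
}

def direct_member(dn, group_dn=GROUP):
    """What (memberOf=<group>) matches: direct membership only."""
    return group_dn in MEMBER_OF.get(dn, [])

def in_chain_member(dn, group_dn=GROUP):
    """What (memberOf:1.2.840.113556.1.4.1941:=<group>) matches: any nesting depth."""
    seen, stack = set(), [dn]
    while stack:
        for parent in MEMBER_OF.get(stack.pop(), []):
            if parent == group_dn:
                return True
            if parent not in seen:  # guard against circular group nesting
                seen.add(parent)
                stack.append(parent)
    return False

if __name__ == "__main__":
    print(build_filter("jdoe"))
    for who in ("alice", "bob", "carol"):
        dn = "CN=%s,CN=Users,DC=example,DC=test" % who
        print(who, "direct:", direct_member(dn), "in-chain:", in_chain_member(dn))
```

Here bob is allowed only through the nested Sales group, so anyone later added to a group nested under the internet-users group also gains proxy access.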



  • Can you send a screenshot of your squid ldap tab to help people who search the forum?



  • Oh yeah this is related to an earlier post:

    http://forum.pfsense.org/index.php/topic,41501.0.html

    The complete config for the Squid Proxy Server Authentication page can be found in the post.

