Squid and LDAP
I'm configuring a new install of pfsense and squid. I have authentication working against a windows 2003 AD server.
I want to only allow some of my AD users access to the internet. I have been using IPcop which allows you to specify a group "Internet Users" in AD. So only users that are members of this group can browse.
Is there a way to set this up in the Squid Proxy Server Authentication page? Or maybe there is another way to achieve this.
Im wondering if I could use the "LDAP username DN attribute" or "LDAP search filter" input feilds to achive this.
Thanks for your help
Got this sorted out with a nicely constructed search string in the LDAP search filter field, happy to give the solution if anyone needs it.
jader last edited by
That's a nice piece of info… allways better to know when you do not need it than otherwise.
Could you post it here ?
Here is the filter, I have a group in AD for internet users. I have no idea if this is the best way to do this.
(&(sAMAccountName=%s)(memberof:1.2.840.1135220.127.116.111:=CN=Group for internet users,CN=Users,DC=yourdomain,DC=yourdomain,DC=yourdomain))
marcelloc last edited by
Can you send a screenshot of your squid ldap tab to help people who searches the forum?
Oh yeah this is related to an earlier post:
The complete config for the Squid Proxy Server Authentication page can be found in the post.