Squid and LDAP
-
Hi
I'm configuring a new install of pfsense and squid. I have authentication working against a windows 2003 AD server.
I want to only allow some of my AD users access to the internet. I have been using IPcop which allows you to specify a group "Internet Users" in AD. So only users that are members of this group can browse.
Is there a way to set this up in the Squid Proxy Server Authentication page? Or maybe there is another way to achieve this.
I'm wondering if I could use the "LDAP username DN attribute" or "LDAP search filter" input fields to achieve this.
Any ideas?
Thanks for your help
-
Got this sorted out with a nicely constructed search string in the LDAP search filter field, happy to give the solution if anyone needs it.
-
That's a nice piece of info… always better to know when you do not need it than otherwise.
;)
Could you post it here? Thanks
Jáder
-
Here is the filter, I have a group in AD for internet users. I have no idea if this is the best way to do this.
(&(sAMAccountName=%s)(memberof:1.2.840.113556.1.4.1941:=CN=Group for internet users,CN=Users,DC=yourdomain,DC=yourdomain,DC=yourdomain))
-
Can you send a screenshot of your squid ldap tab to help people who search the forum?
-
Oh yeah this is related to an earlier post:
http://forum.pfsense.org/index.php/topic,41501.0.html
The complete config for the Squid Proxy Server Authentication page can be found in the post.
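
The search filter posted earlier in this thread, worked through as an added example (not code from any poster, Squid or pfSense): it builds the same filter with the username escaped per RFC 4515 and models the nested-group matching that the OID 1.2.840.113556.1.4.1941 (Active Directory's LDAP_MATCHING_RULE_IN_CHAIN) performs. The function names, the `example.com` DNs and the sample directory are constructed for illustration.

```python
"""Added example: the thread's AD group filter, built with RFC 4515 escaping."""

# OID used in the thread's filter; in Active Directory this is
# LDAP_MATCHING_RULE_IN_CHAIN, which follows nested group membership.
IN_CHAIN = "1.2.840.113556.1.4.1941"

# Characters that must be escaped inside a filter assertion value (RFC 4515).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(username: str, group_dn: str) -> str:
    """Return the thread's filter with %s replaced by an escaped username."""
    return "(&(sAMAccountName={})(memberof:{}:={}))".format(
        escape_filter_value(username), IN_CHAIN, escape_filter_value(group_dn))


def in_chain(member_of: dict, start_dn: str, group_dn: str) -> bool:
    """Model of the IN_CHAIN match: walk memberOf links transitively."""
    seen, stack = set(), [start_dn]
    while stack:
        dn = stack.pop()
        for parent in member_of.get(dn, ()):
            if parent.lower() == group_dn.lower():
                return True
            if parent not in seen:  # guards against circular nesting
                seen.add(parent)
                stack.append(parent)
    return False


# Constructed sample directory (not from the thread): alice is in Staff,
# and Staff is nested inside the internet users group.
GROUP = "CN=Group for internet users,CN=Users,DC=example,DC=com"
STAFF = "CN=Staff,CN=Users,DC=example,DC=com"
DIRECTORY = {
    "CN=alice,CN=Users,DC=example,DC=com": [STAFF],
    STAFF: [GROUP],
    "CN=bob,CN=Users,DC=example,DC=com": [],
}

if __name__ == "__main__":
    print(build_filter("alice", GROUP))
    print(build_filter("al*", GROUP))  # the wildcard is matched literally
    for user in ("alice", "bob"):
        print(user, in_chain(DIRECTORY, f"CN={user},CN=Users,DC=example,DC=com", GROUP))
```

A plain `(memberof=...)` test would only match direct members of the group, so alice in the sample directory would be refused.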