Squid + OpenLDAP groups with single sign on/passthrough auth
I've been asked to attempt a setup as described in the subject line.
The LDAP is running on an OSX server and I have been able to get squid to do user-based LDAP auth.
Problems I have are:
- the login popup in the browser (I have seen many docs saying the OS should share credentials but haven't been able to get that working)
- groups acl for ease of black/whitelisting the execs vs staff
Ideally I would have no IP-based rules, just one login to the machine and whatever OS it is (we have Win7, OSX and CentOS) would pass the credentials on to squid.
Anyone fought this fight before and won?
I found out today that they're not opposed to replacing the OSX openLDAP if it is causing more problems than it's solving, since it seems to be only doing half the job and then only really controlling the OSX machines.
So I'm currently cooking up a debian virtual machine to try to prove that it can/should be replaced.
Could anyone suggest the best approach? I'd like to stay away from a Win AD setup if possible but if I must then maybe I must…