Squid Proxy and LDAP Authentication



  • We are trying to set up the LDAP filter within Squid and have so far managed to get this running with 1 security group from our Microsoft Windows 2008r2 server. But what we want to do is to be able to have multiple groups, for example staff and management. But I am having difficulty getting the LDAP filter correct; I can get it working with one group but not multiple. The line I am using is below:

    (&(memberOf=cn=managemet,ou=staff,dc=domain,dc=co,dc=uk)(sAMAccountName=%s))

    But how will I add the second security group to this line?

    Thank you in advance.



  • From a pure technical standpoint, you could do this:
    (&(|(memberOf=cn=group_A,ou=staff,dc=domain,dc=co,dc=uk)(memberOf=cn=group_B,ou=staff,dc=domain,dc=co,dc=uk))(sAMAccountName=%s))

    or use one single group in Squid that is matching one group in AD containing multiple AD groups. Does this work?

    I'm also not using the pfSense Squid package ;) therefore I don't know the interface or the features that are exposed, but Squid allows you to create multiple rules. The first one matching will apply. Therefore you're not obliged to merge everything into one single LDAP search, are you? (unless the pfSense implementation brings some restrictions here :-[)
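
The multi-group filter discussed in this thread, as an added example that is not part of the original posts: a small Python helper that builds the OR-of-groups filter from a list of group DNs, escapes values per RFC 4515, and checks parenthesis nesting before the string is pasted into the proxy configuration. The function names are hypothetical, and the DNs are the placeholder ones used in the thread.

```python
# Added example (not from the thread): build and sanity-check an
# "(&(|(memberOf=...)(memberOf=...))(sAMAccountName=%s))" filter.

# Characters that must be escaped inside a filter value (RFC 4515).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def any_group_filter(group_dns, login="%s"):
    """Match a user who is a direct member of at least one of group_dns.

    login defaults to the %s placeholder used in the thread; pass a real
    account name to get an escaped filter for manual testing.
    """
    if not group_dns:
        raise ValueError("at least one group DN is required")
    groups = "".join(f"(memberOf={escape_filter_value(dn)})" for dn in group_dns)
    if len(group_dns) > 1:
        groups = f"(|{groups})"  # OR only when there is more than one group
    user = login if login == "%s" else escape_filter_value(login)
    return f"(&{groups}(sAMAccountName={user}))"


def is_well_formed(ldap_filter: str) -> bool:
    """Parenthesis check: balanced, one top-level item, no '((' or '()'."""
    depth = 0
    last = len(ldap_filter) - 1
    for i, ch in enumerate(ldap_filter):
        if ch == "(":
            # '(' must be followed by &, |, ! or an attribute name
            if ldap_filter[i + 1:i + 2] in ("(", ")", ""):
                return False
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0 or (depth == 0 and i != last):
                return False
    return depth == 0 and ldap_filter.startswith("(")
```

Note that `memberOf` only reflects direct membership, so a user who belongs to a group nested inside one of the listed groups does not match this filter.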

