Install OpenLDAP server on pfSense
I have a pfSense router with 25 clients (Linux and Windows). I want to filter the internet traffic for some of the clients using squid guard.
Squid guard is working for all clients, but now I want to create filters for each client / client group.
I have researched the options and I would like to use OpenLDAP for auth on each client and squid filtering.
I have browsed the pfSense documentation and all I can find is connecting pfSense with an external OpenLDAP server, but not installing OpenLDAP on pfSense.
Can you please tell me how I can install an OpenLDAP server on pfSense?
"I have browsed the pfSense documentation and all I can find is connecting pfSense with an external OpenLDAP server, but not installing OpenLDAP on pfSense."
I think you have answered your question just there.
May I suggest the easier route of dusting off an older machine, if possible, and repurposing it for a new duty. You may find "389 Directory Server" at fedoraproject.org interesting also. Hardware requirements seem minimal. Personally, I think you may be trying to swim upstream here with LDAP installed into pfSense. With less headache and no worries of bricking the firewall, you may be better off in the long run with a separate machine.
Unless you feel like developing a new package for pfSense.
Just a thought. ;)
There is no reliable way to do that on pfSense itself. A separate box is best anyhow. There are far, far too many variables in LDAP to generalize it properly in a package on pfSense.
If you need something pre-packaged with a GUI, check out a distro like Turn Key Linux.
I have installed OpenLDAP on a separate box. Right now I have the pfSense box with all the configs in place, including squid and squid guard, and another box with OpenLDAP.
Squid is configured as a transparent proxy because some of the employees use applications that don't support proxy configs, and terminal applications as well.
In the squid config page I have noticed that you can't use transparent proxy with authentication. Can you please tell me another way around it? The purpose here is to filter the internet traffic depending on user / group.