LDAP Authentication For Squid

One of the things you will want to do as you integrate your systems is to have them authenticate against a common user base. That user base is usually an LDAP source, in my case Microsoft Active Directory (don’t say anything!!!). One of the systems you would want to use the common user base is your web proxy, Squid in my case. Here is how to integrate the two. It’s quite simple actually though, as usual, LDAP gave me a bit of a hard time.

First you need to configure Squid to use LDAP. Just add the following in your squid.conf:

auth_param basic program /usr/lib/squid/squid_ldap_auth -P -R -b "dc=your,dc=domain" -D "cn=user,cn=Users,dc=your,dc=domain" -w "password" -f "(&(objectClass=person)(sAMAccountName=%s))" yourldapserver

If you’re encountering problems, add the -d parameter at the end and do a tail -f on /var/log/squid/cache.log.

Now that Squid can authenticate using LDAP, just add your ACLs in squid.conf:

acl youracl1 proxy_auth "/path/to/userlist"
http_access allow youracl1

That’s it!
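
A variant of the configuration above, as an added example that is not from the original post: the bind password is read from a file with -W instead of sitting in squid.conf and on the helper's command line, and -v 3 -Z asks the helper to use StartTLS so the bind and user passwords do not cross the network to the directory in clear text. The secret-file path and the final deny rule are assumptions, and -Z only works when the LDAP server presents a certificate the proxy host trusts.

```conf
# Added example; paths and names are placeholders, not values from the post.
# /etc/squid/ldap_bind.secret (assumed path) contains only the bind password
# and should be readable solely by the user Squid runs as (for example mode 0400).
auth_param basic program /usr/lib/squid/squid_ldap_auth -P -R -v 3 -Z -b "dc=your,dc=domain" -D "cn=user,cn=Users,dc=your,dc=domain" -W /etc/squid/ldap_bind.secret -f "(&(objectClass=person)(sAMAccountName=%s))" yourldapserver

# Optional tuning of the Basic scheme: helper count, prompt text, cache lifetime.
auth_param basic children 5
auth_param basic realm Squid proxy
auth_param basic credentialsttl 1 hour

# Authenticated users named in the list may use the proxy; everything else is refused.
acl youracl1 proxy_auth "/path/to/userlist"
http_access allow youracl1
http_access deny all
```

With -w the password is visible to anyone who can read squid.conf or list processes on the proxy host; with -W only the file path is exposed.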