group-ldap-auth

Group-ldap-auth provides a mechanism for authenticating users as members of static or dynamic groups against a LDAP directory from a Squid proxy server.

If you would like to receive announcements about changes to this project, please subscribe to the announce mailing list. There is also a help mailing list. If you would like to help others use group-ldap-auth, or are looking for help, please subscribe.

The Present

The current and supported release is the 1.4 release for 2.4 STABLE7 (released 2002-09-23).

You can download the release here, and read the release notes here.

The Past

If you are looking for information on releases for Squid 2.3, look here.

The Future

LDAP group authentication will be included in Squid 2.5, and this module will most likely become extinct.

FAQ

How do I install the patch?

First, gunzip the patch file. Then go to the top of the squid source directory and run the patch command stripping off the first two parts of the path. Example:

    % cd ~/src/squid-2.4.STABLE6/
    % patch -p2 < ~/group-ldap-auth.diff-2.4.STABLE6-1.3

Can I use group-ldap-auth with Microsoft's Active Directory?

The following was submitted from a user:

I use it [version 1.4] with an SSL-enabled Active Directory Server with the following configuration:

ldap_auth_program /usr/lib/squid/group_ldap_auth -b dc=my-domain,dc=de -h \
server.my-domain.de -p 636 -g distinguishedName -d CN=lookup,OU=Services,\
OU=Users,DC=my-domain,DC=de -w lookup -u cn -m member -o group -S -l \
/var/log/squid/ldaplog

acl ldap_backoffice ldap_auth static 'CN=BackOffice,OU=Groups,dc=my-domain,dc=de'
acl ldap_management ldap_auth static 'CN=Management,OU=Groups,dc=my-domain,dc=de'
acl ldap_it-service ldap_auth static 'CN=IT-Service,OU=Groups,dc=my-domain,dc=de'
acl ldap_development ldap_auth static 'CN=DEVELOPMENT,OU=Groups,dc=my-domain,dc=de'

http_access allow ldap_development
http_access allow ldap_backoffice
http_access allow ldap_management
http_access allow ldap_it-service
http_access deny all

Microsoft AD uses 'cn' as the uid attribute, 'group' as objectclass that defines
a group and 'distinguishedName' as the attribute that identifies a group. With 
these settings group_ldap_auth runs out of the box and you can use your Microsoft
AD groups to authenticate.


Support

If you use group-ldap-auth and would like to donate money to help offset the costs of development and support, please send donations using this paypal button:

email me with any questions.


SourceForge Logo Squid Now! Uses OpenLDAP