Configure Squid for OpenLDAP Authentication

This article assumes both Squid and OpenLDAP services are installed on the same Debian Wheezy server. 


Software used in this article:

  1. Debian Wheezy
  2. Squid 3.1.20
  3. OpenLDAP 2.4.31

Before We Begin

You may want to check this article for how to set up Squid.

You may want to check this article for how to set up OpenLDAP.

Squid OpenLDAP Configuration

Check if Squid can connect to OpenLDAP:

$ /usr/lib/squid3/squid_ldap_auth -v 3 -b "ou=Users,,dc=top" -D "cn=guest,dc=top" -W localhost
user passwd

Open /etc/squid3/squid.conf and add the following lines:

auth_param basic program /usr/lib/squid3/squid_ldap_auth -v 3 -b "ou=Users,,dc=top" -D "cn=guest,dc=top" -w passwd localhost

acl ldap-auth proxy_auth REQUIRED

http_access allow ldap-auth
http_access allow localhost
http_access deny all

Prevent the Squid configuration file from being world-readable:

# chmod 0640 /etc/squid3/squid.conf

Restart the Squid service:

# service squid3 restart

Leave a Reply

Your email address will not be published. Required fields are marked *