1. Make
2. Required Libraries
3. Configuration
4. Options
5. Problems

1. Make
-------

Extract the file you downloaded: squid_auth_ldap..tar.gz:

    tar zxfv squid_auth_ldap..tar.gz
    cd squid_auth_ldap.
    make
    make install

By default it will install in /usr/local/squid/bin/auth

2. Required Libraries
---------------------

The following libraries are needed:

- ldap
- lber (part of ldap)
- resolv
- crypt

Please make sure that you have OpenLDAP installed. If it was installed from RPMs, make sure that you also have openldap-devel installed, otherwise you will not be able to build it.

Resolv should be part of any distribution, but if you get problems make sure that you have libresolv.so in /usr/lib - otherwise install it.

3. Configuration
----------------

For any issues regarding Squid configuration, please consult the documentation for Squid - I'm not able to help with that.

This is the information which has to be entered in squid.conf:

    authenticate_program /usr/local/squid/bin/squid_auth_ldap \
        -S ldap.acme.com -s o=acme -g cn=users,o=acme

or you can use a configuration file:

    authenticate_program /usr/local/squid/bin/squid_auth_ldap \
        -f squid_auth_ldap.conf

// CUT - squid_auth_ldap.conf
1) ldapserver myldap.acme.com
2) ldapport 389
3) searchbase o=acme
4) proxygroup cn=users,o=acme
5) loglevel 0
// CUT

1) Which LDAP server do we want to use
2) Which port does it listen on (optional)
3) Searchbase - guess....
4) Force a group (optional)
5) Loglevel (default 0) 0 - 3

For more options run squid_auth_ldap without options on a command line.

// CUT - acl information in squid.conf
1) acl all 0.0.0.0/0.0.0.0
2) acl user_password proxy_auth REQUIRED
3) http_access allow user_password
4) http_access deny all
// CUT

1) acl for all
2) force password
3) only allow access for authenticated users
4) deny everyone else

4. Options
----------

The following runtime options are available. Names in [] are the corresponding keys for the configuration file ([CONFIGURATION FILE]):

-f  configuration file
-S  ldapServer                                    [LDAPSERVER]
-p  ldapPort (default 389)                        [LDAPPORT]
-s  searchBase                                    [SEARCHBASE]
-g  proxyGroup                                    [PROXYGROUP]
-G  group attribute (default "groupMembership")   [GROUPATTR]
-U  user attribute (default "uid")                [USERATTR]
-l  logfile (not implemented - using syslog)
-d  debug level <0..3> (default 0)                [LOGLEVEL]
-e  debug - logs to stderr
-D  binddn                                        [BINDDN]
-w  bindpassword                                  [BINDPWD]
-h  help

The only mandatory options are: ldapServer and searchBase.

5. Problems
-----------

- ldap problems

  Make sure that your ldap server is running and that you are able to use ldapsearch to authenticate a user:

      ldapsearch -h -b -s sub -D cn=,... -W password \
          "cn=" cn

- compile gives errors

  Make sure that you have the required libraries - please do not bother me with errors where the linker cannot find ldap_ function during linking.
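
A check for the configuration file from section 3 against the keys, defaults and mandatory options listed in section 4, to run before Squid is pointed at the file. This is an added example, not part of squid_auth_ldap; parse_conf and check_file are hypothetical names, and it assumes one whitespace-separated "key value" pair per line, case-insensitive keys, "#" comment lines, and that the 1) to 5) labels in section 3 are annotations rather than file content.

```python
import os
import stat

# Keys, defaults and mandatory options as listed in section 4 of this README.
DEFAULTS = {"ldapport": "389", "groupattr": "groupMembership",
            "userattr": "uid", "loglevel": "0"}
KNOWN = set(DEFAULTS) | {"ldapserver", "searchbase", "proxygroup",
                         "binddn", "bindpwd"}
MANDATORY = ("ldapserver", "searchbase")


def parse_conf(text):
    """Return (settings, problems) for squid_auth_ldap.conf content."""
    settings, problems = dict(DEFAULTS), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()  # assumption: keys are case-insensitive
        value = parts[1].strip() if len(parts) == 2 else ""
        if key not in KNOWN:
            problems.append(f"line {lineno}: unknown key {parts[0]!r}")
        elif not value:
            problems.append(f"line {lineno}: {key} has no value")
        else:
            settings[key] = value
    problems += [f"missing mandatory option {k}" for k in MANDATORY if k not in settings]
    port = settings["ldapport"]
    if not (port.isdecimal() and 0 < int(port) < 65536):
        problems.append("ldapport must be a TCP port number")
    if settings["loglevel"] not in ("0", "1", "2", "3"):
        problems.append("loglevel must be 0..3")
    return settings, problems


def check_file(path):
    """Parse a config file and flag a bind password other accounts can read."""
    with open(path, encoding="utf-8") as fh:
        settings, problems = parse_conf(fh.read())
    if "bindpwd" in settings and os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH):
        problems.append("bindpwd is set but the file is group/world readable")
    return settings, problems


# Constructed sample, modelled on the file in section 3 without the 1)..5) labels.
SAMPLE = ("ldapserver myldap.acme.com\nldapport 389\nsearchbase o=acme\n"
          "proxygroup cn=users,o=acme\nloglevel 0\n")
```

Keeping BINDPWD in a file readable only by the account Squid runs as also keeps the password out of the process list, where a -w argument would be visible.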