[squid-users] Squid Forward Proxy for LDAP
Yuri Voinov
yvoinov at gmail.com
Thu Dec 15 21:20:56 UTC 2016
15.12.2016 20:29, Bryan Peters пишет:
> My Google-fu seems to be coming up short.
>
> We have an application that ties into our users SSO/LDAP servers. We,
> don't run an LDAP server of our own, we're just making outbound calls
> to their LDAP servers.
>
> I would like to proxy all outbound LDAP calls through Squid to get
> around some limitations of AWS and our customers need to whitelist an
> IP. (AWS load balancers don't have static IPs, some of our customers
> won't whitelist FQDNs in their firewall).
>
> Getting the traffic from our app server(s) to the Squid box hasn't
> been much of a problem. I'm using Iptables/NAT to accomplish this.
> TCPdump on the Squid machine sees traffic coming in on 3128.
>
> I've added 389 as a 'safe port' in the squid config, created ACLs that
> allow the network the traffic is coming in on. Yet squid never grabs
> the traffic and does anything with it. The logs don't get updated at all.
>
> Am I incorrect about Squid being able to proxy LDAP traffic?
Exactly. By definition, squid is only HTTP proxy. Initially.
Modern versions supports also HTTPS (with restrictions) and FTP (with
restrictions).
>
> Googling for this is sort of maddening as all forums, mailing lists,
> FAQs and documentation continues to come up for doing LDAP auth on a
> Squid machine, which isn't what I'm looking for at all.
Condolences. Thing you want is not possible by Squid.
>
> Any help you can give would be appreciated.
It can not help the fact that the product is not as a class. Squid - no
proxy all protocols in the world. Although it would not prevent the
availability of support for some of them - and it is certainly not FTP
(FTP - in 2016 the year indeed! :))
>
> Thanks
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
--
Cats - delicious. You just do not know how to cook them.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161216/320e3cd3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161216/320e3cd3/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161216/320e3cd3/attachment.sig>
More information about the squid-users
mailing list