[squid-users] Squid Forward Proxy for LDAP

Yuri Voinov yvoinov at gmail.com
Thu Dec 15 21:20:56 UTC 2016

15.12.2016 20:29, Bryan Peters пишет:
> My Google-fu seems to be coming up short.
> We have an application that ties into our users SSO/LDAP servers.  We,
> don't run an LDAP server of our own, we're just making outbound calls
> to their LDAP servers.
> I would like to proxy all outbound LDAP calls through Squid to get
> around some limitations of AWS and our customers need to whitelist an
> IP. (AWS load balancers don't have static IPs, some of our customers
> won't whitelist FQDNs in their firewall).
> Getting the traffic from our app server(s) to the Squid box hasn't
> been much of a problem.  I'm using Iptables/NAT to accomplish this.  
> TCPdump on the Squid machine sees  traffic coming in on 3128.
> I've added 389 as a 'safe port' in the squid config, created ACLs that
> allow the network the traffic is coming in on.  Yet squid never grabs
> the traffic and does anything with it.  The logs don't get updated at all.
> Am I incorrect about Squid being able to proxy LDAP traffic?  
Exactly. By definition, squid is only HTTP proxy. Initially.
Modern versions supports also HTTPS (with restrictions) and FTP (with
> Googling for this is sort of maddening as all forums, mailing lists,
> FAQs and documentation continues to come up for doing LDAP auth on a
> Squid machine, which isn't what I'm looking for at all.
Condolences. Thing you want is not possible by Squid.
> Any help you can give would be appreciated.
It can not help the fact that the product is not as a class. Squid - no
proxy all protocols in the world. Although it would not prevent the
availability of support for some of them - and it is certainly not FTP
(FTP - in 2016 the year indeed! :))
> Thanks
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

Cats - delicious. You just do not know how to cook them.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161216/320e3cd3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161216/320e3cd3/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161216/320e3cd3/attachment.sig>

More information about the squid-users mailing list