[squid-users] Squid Forward Proxy for LDAP

Brendan Kearney bpk678 at gmail.com
Thu Dec 15 23:36:40 UTC 2016

On 12/15/2016 04:20 PM, Yuri Voinov wrote:
> 15.12.2016 20:29, Bryan Peters пишет:
>> My Google-fu seems to be coming up short.
>> We have an application that ties into our users SSO/LDAP servers.  
>> We, don't run an LDAP server of our own, we're just making outbound 
>> calls to their LDAP servers.
>> I would like to proxy all outbound LDAP calls through Squid to get 
>> around some limitations of AWS and our customers need to whitelist an 
>> IP. (AWS load balancers don't have static IPs, some of our customers 
>> won't whitelist FQDNs in their firewall).
>> Getting the traffic from our app server(s) to the Squid box hasn't 
>> been much of a problem.  I'm using Iptables/NAT to accomplish this.   
>> TCPdump on the Squid machine sees  traffic coming in on 3128.
>> I've added 389 as a 'safe port' in the squid config, created ACLs 
>> that allow the network the traffic is coming in on.  Yet squid never 
>> grabs the traffic and does anything with it.  The logs don't get 
>> updated at all.
>> Am I incorrect about Squid being able to proxy LDAP traffic?
> Exactly. By definition, squid is only HTTP proxy. Initially.
> Modern versions supports also HTTPS (with restrictions) and FTP (with 
> restrictions).
>> Googling for this is sort of maddening as all forums, mailing lists, 
>> FAQs and documentation continues to come up for doing LDAP auth on a 
>> Squid machine, which isn't what I'm looking for at all.
> Condolences. Thing you want is not possible by Squid.
>> Any help you can give would be appreciated.
> It can not help the fact that the product is not as a class. Squid - 
> no proxy all protocols in the world. Although it would not prevent the 
> availability of support for some of them - and it is certainly not FTP 
> (FTP - in 2016 the year indeed! :))
>> Thanks
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
> -- 
> Cats - delicious. You just do not know how to cook them.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

if you want to proxy LDAP, why not use LDAP to do it?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161215/7a7fa1b0/attachment-0001.html>

More information about the squid-users mailing list