<div dir="ltr"><div class="gmail_signature"><div dir="ltr"><div><span style="font-size:12.8px">My Google-fu seems to be coming up short.</span><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">We have an application that ties into our users' SSO/LDAP servers. We don't run an LDAP server of our own; we're just making outbound calls to their LDAP servers.</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">I would like to proxy all outbound LDAP calls through Squid to get around some limitations of AWS, and our customers need to whitelist an IP. (AWS load balancers don't have static IPs, and some of our customers won't whitelist FQDNs in their firewall.)</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">Getting the traffic from our app server(s) to the Squid box hasn't been much of a problem. I'm using iptables/NAT to accomplish this. tcpdump on the Squid machine sees traffic coming in on 3128.</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">I've added 389 as a 'safe port' in the squid config and created ACLs that allow the network the traffic is coming in on. Yet Squid never grabs the traffic and does anything with it. The logs don't get updated at all.</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">Am I incorrect about Squid being able to proxy LDAP traffic?</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">Googling for this is sort of maddening, as all forums, mailing lists, FAQs and documentation continue to come up for doing LDAP auth on a Squid machine, which isn't what I'm looking for at all.</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">Any help you can give would be appreciated.</div><div style="font-size:12.8px"><div><br></div><div>Thanks</div></div></div></div></div>
</div>
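One diagnostic for the symptom above (tcpdump sees traffic on 3128, Squid logs nothing), added here and not part of the original post or of Squid itself: Squid parses whatever arrives on its listening port as an HTTP request, whereas LDAP is a binary ASN.1/BER protocol, so the leading bytes of a redirected connection tell you immediately which of the two the proxy is actually being handed. The script below classifies a captured TCP payload as HTTP or as an LDAP message and names the LDAP operation; the two sample payloads are constructed, not captured traffic.

```python
"""Classify the first bytes of a TCP payload as an HTTP request or an
LDAP (ASN.1 BER) message, to show what a Squid listener actually sees."""
import re

HTTP_LINE = re.compile(rb"^(GET|POST|PUT|HEAD|DELETE|OPTIONS|CONNECT) \S+ HTTP/1\.[01]\r?\n")
# LDAPv3 protocolOp tags (RFC 4511): [APPLICATION n], constructed form 0x60|n
LDAP_OPS = {0x60: "bindRequest", 0x61: "bindResponse", 0x42: "unbindRequest",
            0x63: "searchRequest", 0x64: "searchResEntry", 0x65: "searchResDone"}


def ber_length(buf: bytes, pos: int):
    """Decode a BER length field at buf[pos]; return (length, next_pos) or None."""
    if pos >= len(buf):
        return None
    first = buf[pos]
    if first < 0x80:                      # short form: one byte
        return first, pos + 1
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        return None
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def classify_payload(buf: bytes) -> str:
    """Return 'http', 'ldap:<op>' or 'unknown' for the leading bytes of a stream."""
    if HTTP_LINE.match(buf[:80]):
        return "http"
    # LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE {...} }
    if len(buf) < 7 or buf[0] != 0x30:    # SEQUENCE tag
        return "unknown"
    hdr = ber_length(buf, 1)
    if hdr is None:
        return "unknown"
    _, pos = hdr
    if pos >= len(buf) or buf[pos] != 0x02:   # messageID must be an INTEGER
        return "unknown"
    id_len = ber_length(buf, pos + 1)
    if id_len is None:
        return "unknown"
    n, pos = id_len
    pos += n                              # skip the INTEGER contents
    if pos >= len(buf):
        return "unknown"
    return "ldap:" + LDAP_OPS.get(buf[pos], "op-0x%02x" % buf[pos])


# Constructed samples: an LDAPv3 anonymous simple bind (messageID 1) and a proxy GET.
LDAP_BIND = bytes.fromhex("300c020101600702010304008000")
HTTP_GET = b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n"

if __name__ == "__main__":
    for name, sample in (("ldap bind", LDAP_BIND), ("http get", HTTP_GET)):
        print(name, "->", classify_payload(sample))
```

Run it against the first packet payload of a connection captured on the Squid box (for example exported from tcpdump with `-X`) to confirm whether the redirected stream is HTTP at all.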