<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 12/15/2016 04:20 PM, Yuri Voinov
wrote:<br>
</div>
<blockquote
cite="mid:16ee3c45-cf95-51be-d4db-4ab180e6c170@gmail.com"
type="cite">
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">15.12.2016 20:29, Bryan Peters пишет:<br>
</div>
<blockquote
cite="mid:CAL0tzXMmsb0gn+KiOOVUOa-EUJ9VjYyNvttf+7KGWX_eC4LCpg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_signature">
<div dir="ltr">
<div><span style="font-size:12.8px">My Google-fu seems to
be coming up short.</span>
<div style="font-size:12.8px"><br>
</div>
<div style="font-size:12.8px">We have an application
that ties into our users SSO/LDAP servers. We, don't
run an LDAP server of our own, we're just making
outbound calls to their LDAP servers.</div>
<div style="font-size:12.8px"><br>
</div>
<div style="font-size:12.8px">I would like to proxy all
outbound LDAP calls through Squid to get around some
limitations of AWS and our customers need to whitelist
an IP. (AWS load balancers don't have static IPs, some
of our customers won't whitelist FQDNs in their
firewall).</div>
<div style="font-size:12.8px"><br>
</div>
<div style="font-size:12.8px">Getting the traffic from
our app server(s) to the Squid box hasn't been much of
a problem. I'm using Iptables/NAT to accomplish this.
TCPdump on the Squid machine sees traffic coming in
on 3128.</div>
<div style="font-size:12.8px"><br>
</div>
<div style="font-size:12.8px">I've added 389 as a 'safe
port' in the squid config, created ACLs that allow the
network the traffic is coming in on. Yet squid never
grabs the traffic and does anything with it. The logs
don't get updated at all.</div>
<div style="font-size:12.8px"><br>
</div>
<div style="font-size:12.8px">Am I incorrect about Squid
being able to proxy LDAP traffic? <br>
</div>
</div>
</div>
</div>
</div>
</blockquote>
Exactly. By definition, squid is only HTTP proxy. Initially. <br>
Modern versions supports also HTTPS (with restrictions) and FTP
(with restrictions).<br>
<blockquote
cite="mid:CAL0tzXMmsb0gn+KiOOVUOa-EUJ9VjYyNvttf+7KGWX_eC4LCpg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_signature">
<div dir="ltr">
<div>
<div style="font-size:12.8px"><br>
</div>
<div style="font-size:12.8px">Googling for this is sort
of maddening as all forums, mailing lists, FAQs and
documentation continues to come up for doing LDAP auth
on a Squid machine, which isn't what I'm looking for
at all.</div>
</div>
</div>
</div>
</div>
</blockquote>
Condolences. Thing you want is not possible by Squid.<br>
<blockquote
cite="mid:CAL0tzXMmsb0gn+KiOOVUOa-EUJ9VjYyNvttf+7KGWX_eC4LCpg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_signature">
<div dir="ltr">
<div>
<div style="font-size:12.8px"><br>
</div>
<div style="font-size:12.8px">Any help you can give
would be appreciated.</div>
</div>
</div>
</div>
</div>
</blockquote>
It can not help the fact that the product is not as a class. Squid
- no proxy all protocols in the world. Although it would not
prevent the availability of support for some of them - and it is
certainly not FTP (FTP - in 2016 the year indeed! :))<br>
<blockquote
cite="mid:CAL0tzXMmsb0gn+KiOOVUOa-EUJ9VjYyNvttf+7KGWX_eC4LCpg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_signature">
<div dir="ltr">
<div>
<div style="font-size:12.8px">
<div><br>
</div>
<div>Thanks</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
squid-users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>
</pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
Cats - delicious. You just do not know how to cook them.</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
squid-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>
</pre>
</blockquote>
<p>if you want to proxy LDAP, why not use LDAP to do it?</p>
<p><a class="moz-txt-link-freetext" href="http://www.openldap.org/doc/admin23/proxycache.html">http://www.openldap.org/doc/admin23/proxycache.html</a></p>
<p><br>
</p>
</body>
</html>