LDAP Authentication

Note!
The LDAP authentication wiki page needs lots of attention. Please feel free to update this page to make it better.

Note: The web proxy must be running in non-transparent (i.e., conventional) mode for authentication.

Authentication Method - LDAP

LDAP

The Local authentication method (auth_param basic programm) offers ... TBD...

Global authentication settings

Number of authentication processes

Specifies the authentication process which can be started. If more authentication processes are needed, so there may be delays during authentication. To correct this behavior, it would help to set the value up (default value are 5).

Authentication cache TTL (in minutes)

Specifies the "time-to-live" value of the cached user data in minutes. This value is measured from the last request (default 60 min.) .

Limit of IP addresses per user

Here you can set how many simultaneous logins per user are permitted (default is empty <-> means any number).

Require authentication for unrestricted source addresses

Unrestricted IP addresses are also subject to local authentication. If this option is disabled, an authentication does not apply to unrestricted IPs.

Authentication realm prompt

Here, an individual created text can be edited which will be displayed during the authentication process.

Domains without authentication (one per line)

Defines domains which work also without authentication.

Common LDAP settings

Base DN

TBD...

LDAP Server

TBD...

Bind DN settings

Bind DN username

TBD...

Bind DN password

TBD...

Group based access control

Required group

TBD...

Links

• squid-cache wiki Configuring a Squid Server to authenticate off LDAP
• Wikipedia - Lightweight Directory Access Protocol