LDAP Authentication

Note!
The LDAP authentication wiki page needs lots of attention. Please feel free to update this page to make it better.

Note: The web proxy must be running in non-transparent (i.e., conventional) mode for authentication.

Authentication Method - LDAP

LDAP

The Local authentication method (auth_param basic programm) offers ...
FIXME

Global authentication settings

Number of authentication processes

Specifies the authentication process which can be started. If more authentication processes are needed, so there may be delays during authentication. To correct this behavior, it would help to set the value up (default value are 5).

Authentication cache TTL (in minutes)

Specifies the "time-to-live" value of the cached user data in minutes. This value is measured from the last request (default 60 min.) .

Limit of IP addresses per user

Here you can set how many simultaneous logins per user are permitted (default is empty <-> means any number).

Require authentication for unrestricted source addresses

Unrestricted IP addresses are also subject to local authentication. If this option is disabled, an authentication does not apply to unrestricted IPs.

Authentication realm prompt

Here, an individual created text can be edited which will be displayed during the authentication process.

Domains without authentication (one per line)

Defines domains which work also without authentication.

Common LDAP settings

Base DN

FIXME

LDAP Server

FIXME

Bind DN settings

Bind DN username

FIXME

Bind DN password

FIXME

Group based access control

Required group

FIXME

Links

• squid-cache wiki Configuring a Squid Server to authenticate off LDAP
• Wikipedia - Lightweight Directory Access Protocol