Answer the question
In order to leave comments, you need to log in
G
G
Godless2020-02-28 11:52:23
Godless, 2020-02-28 11:52:23
SquidGuard or equivalent with support for groups in ActiveDirectory via LDAPS?
Good afternoon, colleagues!
Imagine the situation is SQUID.
There is SquidGuard, which pulls groups from the user from AD and lets or does not let the user into the site.
The March update promises to enable SSL/TLS for LDAP ( one , two ) and here the questions arise:
1. Authorization squid - is it possible to enable encryption?
can.
auth_param basic program /usr/lib/squid/basic_ldap_auth -Z -v 3 ....................2. SquidGuard - is it possible to enable encryption?
you can't :-(
And actually the questions:
1. Is there a workaround?
2. How to replace SquidGuard (using 1.6 from debian ep)?
There is also ufdbGuard, but it doesn't support LDAP at all...
3 answer(s)
@athacker
@CityCat4
@SignFinder
A
athacker, 2020-02-28 @athacker
Strictly speaking, Squid can do everything itself. There is AD authentication, filtering lists, etc. Why didn't you like the built-in functionality of Squid?
C
CityCat4, 2020-02-28 @CityCat4
To eat, negotiate_kerberos_auth has been working since unknown shaggy times, years ... well, I don’t remember, probably since 2010 ... There is also ext_kerberos_ldap_group_acl - what is the love for necrosoft? Is SquidGuard still alive?
There were a couple of articles on setting up a squid in the throwing magazine "System Administrator" (which last year notably threw me, then it seemed to promise to improve, but did not fix it), one of them was definitely devoted to the topic of access control through AD groups
A
Alexey Dmitriev, 2020-02-28 @SignFinder
The March update promised to disable LDAP and leave only LDAPS.
But according to the latest information, MS has postponed this to the second half of 2020.
Similar questions
V
D
N
C
N
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question