Re: [squid-users] Squid Forward Proxy for LDAP

Thu, 15 Dec 2016 13:21:53 -0800 


15.12.2016 20:29, Bryan Peters пишет:
> My Google-fu seems to be coming up short.
>
> We have an application that ties into our users SSO/LDAP servers.  We,
> don't run an LDAP server of our own, we're just making outbound calls
> to their LDAP servers.
>
> I would like to proxy all outbound LDAP calls through Squid to get
> around some limitations of AWS and our customers need to whitelist an
> IP. (AWS load balancers don't have static IPs, some of our customers
> won't whitelist FQDNs in their firewall).
>
> Getting the traffic from our app server(s) to the Squid box hasn't
> been much of a problem.  I'm using Iptables/NAT to accomplish this.  
> TCPdump on the Squid machine sees  traffic coming in on 3128.
>
> I've added 389 as a 'safe port' in the squid config, created ACLs that
> allow the network the traffic is coming in on.  Yet squid never grabs
> the traffic and does anything with it.  The logs don't get updated at all.
>
> Am I incorrect about Squid being able to proxy LDAP traffic?  
Exactly. By definition, squid is only HTTP proxy. Initially.
Modern versions supports also HTTPS (with restrictions) and FTP (with
restrictions).
>
> Googling for this is sort of maddening as all forums, mailing lists,
> FAQs and documentation continues to come up for doing LDAP auth on a
> Squid machine, which isn't what I'm looking for at all.
Condolences. Thing you want is not possible by Squid.
>
> Any help you can give would be appreciated.
It can not help the fact that the product is not as a class. Squid - no
proxy all protocols in the world. Although it would not prevent the
availability of support for some of them - and it is certainly not FTP
(FTP - in 2016 the year indeed! :))
>
> Thanks
>
>
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-- 
Cats - delicious. You just do not know how to cook them.

Attachment: 0x613DEC46.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Reply via email to