Group-ldap-auth provides a mechanism for authenticating users as members of static or dynamic groups against an LDAP directory from a Squid proxy server.

The Present

The current and supported release is the 1.4 release for Squid 2.4 STABLE7 (released 2002-09-23).

You can download the release here, and read the release notes here.

The Past

If you are looking for information on releases for Squid 2.3, look here.

The Future

LDAP group authentication will be included in Squid 2.5, and this module will most likely become extinct.


How do I install the patch?

First, gunzip the patch file. Then go to the top of the Squid source directory and run the patch command with -p2, which strips off the first two parts of each path in the patch. Example:

    % cd ~/src/squid-2.4.STABLE6/
    % patch -p2 < ~/group-ldap-auth.diff-2.4.STABLE6-1.3

Can I use group-ldap-auth with Microsoft's Active Directory?

The following was submitted by a user:

I use it [version 1.4] with an SSL-enabled Active Directory Server with the following configuration:

ldap_auth_program /usr/lib/squid/group_ldap_auth -b dc=my-domain,dc=de -h \ -p 636 -g distinguishedName -d CN=lookup,OU=Services,\
OU=Users,DC=my-domain,DC=de -w lookup -u cn -m member -o group -S -l \

acl ldap_backoffice ldap_auth static 'CN=BackOffice,OU=Groups,dc=my-domain,dc=de'
acl ldap_management ldap_auth static 'CN=Management,OU=Groups,dc=my-domain,dc=de'
acl ldap_it-service ldap_auth static 'CN=IT-Service,OU=Groups,dc=my-domain,dc=de'
acl ldap_development ldap_auth static 'CN=DEVELOPMENT,OU=Groups,dc=my-domain,dc=de'

http_access allow ldap_development
http_access allow ldap_backoffice
http_access allow ldap_management
http_access allow ldap_it-service
http_access deny all

Microsoft AD uses 'cn' as the uid attribute, 'group' as the objectclass that defines
a group, and 'distinguishedName' as the attribute that identifies a group. With
these settings group_ldap_auth runs out of the box and you can use your Microsoft
AD groups to authenticate.
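
The attribute mapping described above, turned into the two LDAP search filters a group lookup needs, as an added example that is not part of the original page or of group_ldap_auth itself. It assumes a two-step lookup (find the user by 'cn', then test 'member' on the group) and escapes the proxy-supplied login per RFC 4515 so it is treated as data rather than filter syntax; all function names are hypothetical.

```python
# Added illustration, not group_ldap_auth's source. Attribute names follow the
# quoted configuration (-u cn, -m member, -o group, -g distinguishedName); the
# two-filter lookup and every function name here are assumptions.

# RFC 4515: these characters must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape text so it is treated as data, never as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def user_filter(login, uid_attr="cn"):
    """Filter that locates the entry for the login name sent to the proxy."""
    if not login:
        raise ValueError("empty login name")
    return "(%s=%s)" % (uid_attr, escape_filter_value(login))


def membership_filter(group_dn, user_dn, group_id_attr="distinguishedName",
                      member_attr="member", group_class="group"):
    """Filter that matches only if user_dn is listed in the named group."""
    return "(&(objectClass=%s)(%s=%s)(%s=%s))" % (
        group_class,
        group_id_attr, escape_filter_value(group_dn),
        member_attr, escape_filter_value(user_dn),
    )


if __name__ == "__main__":
    # Constructed sample inputs, including names carrying filter metacharacters.
    for login in ("jdoe", "*", "a)(cn=b"):
        print(user_filter(login))
    print(membership_filter(
        "CN=BackOffice,OU=Groups,dc=my-domain,dc=de",   # group from the ACLs above
        "CN=Doe\\, Jane,OU=Users,DC=my-domain,DC=de",   # constructed user DN
    ))
```

A DN that contains an escaped comma keeps its backslash in the directory, so that backslash must itself be escaped when the DN is used as a filter value.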


Email me with any questions.

