-   Linux - Software (
-   -   Choose the best proxy+openldap solution (

trv@dmin 09-30-2008 07:32 AM

Choose the best proxy+openldap solution
Hi everyone! I'm beginner in this issue and I need help to choose proxy+openldap solution. Which proxy does work with openldap users and can make reports for every user's traffic and list of visited sites?
Which proxy+openldap do you use?

SkyEye 10-01-2008 12:18 AM

Well, Squid is a popular and capable proxy which supports addons too. And Squid support LDAP authentication. Have a look at this one example.

EDIT: I forgot to mention that report generation is also well supported. In fact there are even commercial tools to parse Squid logs.

trv@dmin 10-01-2008 01:59 AM

Thanks for response SkyEye.

Are there any suggestions else?

Felipe 10-01-2008 02:46 AM

I use squid to authenticate against Active Directory and Oracle Database (and easy to use any other repository as OpenLdap as I request the AD as a LDAP).

What I do is to use Squid as a reverse proxy that captures the URL. With the url, I request the user to authenticate (only once per session of navigator) and use the information of user/url to know if the user can access the url. The information is saved into groups of AD or Database.
In AD/database I also save which profile the user belong to, so it's a centralized and fast way of implementing security.

user type http://server/Apli/subdir/

I look for the user in "Apli" group of AD and later if user belong to "Apli@subdir" group of AD.
And squid allows you to rewrite URL, so you can send applications information no typed by user as:
http:/server/Apli/subdir/?user=username&profile=profileName&... (other information extracted from AD or DB).

Another important thing is than you can use certificates to identify users (and PCSC). And it's compatible for windows and Linux clients (and supposed that other OS).

I use squid and it's powerful and very, very stable.

I hope this can help you.


All times are GMT -5. The time now is 05:15 AM.