Comments on: proxy server authenticating w/LDAP?

Question: proxy server authenticating w/LDAP?

spock — Tue, 02 Aug 2005 17:56:46 -0800

Anybody ever set up a proxy server that authenticates using an external LDAP server - so that (for example) off-campus university students can access third-party web services that are restricted to campus IP addresses?

Well, it is worth a shot!

I'm guessing that I would be using Squid, but the configuration is intimidating the heck out of me. RTFM? Or do you have any pointers? I'm not interested in caching - just authenticating and presenting a campus IP number to the third party services.

By: 445supermag

445supermag — Tue, 02 Aug 2005 18:30:51 -0800

Some schools already have this service, you may want to check before you go to too much trouble. I'd call the library. I have also used remote login on an XP computer on the school network (this assumes you have a login on an xp computer somewhere).

By: roue

roue — Tue, 02 Aug 2005 19:47:02 -0800

EZproxy from useful utilities does this. Also check out libProxy. Same deal, harder setup (depends on apache 1.3 and mod_perl.

I'm in the midst of setting this very thing up for the school I work at. We chose EZProxy. It authenticated against ldap with about 4 lines of config code. Very easy.

By: devilsbrigade

devilsbrigade — Tue, 02 Aug 2005 20:33:16 -0800

A proxy should NEVER be used for this. You want a VPN.

Oregon State University lets you use Cisco VPN as a client, which I assume means using Cisco routing, but I'm sure there are other VPN solutions out there.

Proxies have way, way too much risk. VPNs restrict the use to a certain set of domains/ips, plus can give access to network shares.

By: spock

spock — Tue, 02 Aug 2005 23:37:13 -0800

I can't restrict to a certain set of domains/ips, devilsbrigade, because legitimate off-campus students could be connecting from anywhere. What risks are there for a student authenticating (via https) to get a proxy connection to a web server?