proxy server authenticating w/LDAP?
August 2, 2005 5:56 PM
Anybody ever set up a proxy server that authenticates using an external LDAP server - so that (for example) off-campus university students can access third-party web services that are restricted to campus IP addresses?
Well, it is worth a shot!
I'm guessing that I would be using Squid, but the configuration is intimidating the heck out of me. RTFM? Or do you have any pointers? I'm not interested in caching - just authenticating and presenting a campus IP number to the third party services.
EZproxy from Useful Utilities does this. Also check out libProxy. Same deal, harder setup (depends on Apache 1.3 and mod_perl).
I'm in the midst of setting this very thing up for the school I work at. We chose EZProxy. It authenticated against ldap with about 4 lines of config code. Very easy.
posted by roue at 7:47 PM on August 2, 2005
A proxy should NEVER be used for this. You want a VPN.
Oregon State University lets you use Cisco VPN as a client, which I assume means using Cisco routing, but I'm sure there are other VPN solutions out there.
Proxies have way, way too much risk. VPNs restrict the use to a certain set of domains/ips, plus can give access to network shares.
posted by devilsbrigade at 8:33 PM on August 2, 2005
Response by poster: I can't restrict to a certain set of domains/ips, devilsbrigade, because legitimate off-campus students could be connecting from anywhere. What risks are there for a student authenticating (via https) to get a proxy connection to a web server?
posted by spock at 11:37 PM on August 2, 2005
posted by 445supermag at 6:30 PM on August 2, 2005
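
A minimal Squid configuration for the setup the question describes, added here as an example and not posted by any participant in the thread: LDAP-backed Basic authentication, no caching, and forwarding limited to the licensed vendor sites so the proxy cannot be used to reach arbitrary destinations from a campus address. The helper path, LDAP host, base DN, certificate path and vendor domains are placeholder assumptions, and the `tls-cert=` syntax assumes Squid 4 or later.

```conf
# Assumed placeholders: helper path, ldap.example.edu, the base DN,
# the certificate path and the vendor domains. Adjust for the local install.

# Clients connect to the proxy over TLS so Basic credentials never cross
# the network in clear text. The PEM file holds both certificate and key.
https_port 3129 tls-cert=/etc/squid/proxy.pem

# Verify each username/password by searching for uid=<user> under the base DN
# and binding as the matching entry. ldaps:// keeps the bind encrypted too.
auth_param basic program /usr/lib/squid/basic_ldap_auth -v 3 -H ldaps://ldap.example.edu -b "ou=people,dc=example,dc=edu" -f "uid=%s"
auth_param basic children 10
auth_param basic realm Campus library proxy
auth_param basic credentialsttl 1 hour

acl campus_users proxy_auth REQUIRED
acl licensed_sites dstdomain .vendor-one.example .vendor-two.example
acl SSL_ports port 443
acl CONNECT method CONNECT

# Rules are evaluated top to bottom and the first match wins.
# 1. No tunnelling to anything but HTTPS ports.
http_access deny CONNECT !SSL_ports
# 2. Refuse every destination that is not a licensed service, before
#    authentication is even attempted.
http_access deny !licensed_sites
# 3. Licensed destinations require a valid LDAP login.
http_access allow campus_users
# 4. Default deny.
http_access deny all

# Authentication and forwarding only: store nothing.
cache deny all

# The vendor should see only the proxy's campus address, not the
# student's off-campus address or the proxy software details.
forwarded_for delete
via off
```

With `proxy_auth` in use, Squid's access log records the authenticated username per request, which gives an audit trail tying each vendor request to a campus account.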