proxy server authenticating w/LDAP?
August 2, 2005 5:56 PM

Anybody ever set up a proxy server that authenticates using an external LDAP server - so that (for example) off-campus university students can access third-party web services that are restricted to campus IP addresses?

Well, it is worth a shot!

I'm guessing that I would be using Squid, but the configuration is intimidating the heck out of me. RTFM? Or do you have any pointers? I'm not interested in caching - just authenticating and presenting a campus IP number to the third party services.
posted by spock to Computers & Internet (4 answers total)
Some schools already have this service; you may want to check before you go to too much trouble. I'd call the library. I have also used remote login on an XP computer on the school network (this assumes you have a login on an XP computer somewhere).
posted by 445supermag at 6:30 PM on August 2, 2005

EZproxy from Useful Utilities does this. Also check out libProxy. Same deal, harder setup (depends on Apache 1.3 and mod_perl).

I'm in the midst of setting this very thing up for the school I work at. We chose EZProxy. It authenticated against LDAP with about 4 lines of config code. Very easy.
posted by roue at 7:47 PM on August 2, 2005

A proxy should NEVER be used for this. You want a VPN.

Oregon State University lets you use Cisco VPN as a client, which I assume means using Cisco routing, but I'm sure there are other VPN solutions out there.

Proxies have way, way too much risk. VPNs restrict the use to a certain set of domains/IPs, plus can give access to network shares.
posted by devilsbrigade at 8:33 PM on August 2, 2005

I can't restrict to a certain set of domains/IPs, devilsbrigade, because legitimate off-campus students could be connecting from anywhere. What risks are there for a student authenticating (via https) to get a proxy connection to a web server?
posted by spock at 11:37 PM on August 2, 2005
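
One way to configure what the question describes in Squid (LDAP login, no caching, outbound requests from the proxy's campus address), with the proxy risk raised in the thread narrowed by a destination allowlist. This is an added example, not from any poster in the thread; the helper path, LDAP URI, base DN and vendor domains are assumed placeholders.

```conf
# squid.conf fragment (added example; all hostnames, DNs and paths are placeholders)

# Verify username/password with an LDAP bind, using Squid's bundled helper.
# The helper path varies by distribution; -H with ldaps:// keeps the bind off cleartext.
auth_param basic program /usr/lib/squid/basic_ldap_auth -v 3 -H ldaps://ldap.example.edu -b "ou=people,dc=example,dc=edu" -f "uid=%s"
auth_param basic children 10
auth_param basic realm Campus library proxy
auth_param basic credentialsttl 1 hour

# Basic auth sends credentials base64-encoded on the client-to-proxy hop,
# so that hop needs TLS (Squid's https_port) before off-campus use.

acl campus_users proxy_auth REQUIRED

# Only the licensed third-party services are reachable through the proxy,
# so a stolen student password does not yield a general-purpose campus relay.
acl licensed_sites dstdomain .journals.example.com .database.example.org

acl Safe_ports port 80 443
acl SSL_ports port 443
acl CONNECT method CONNECT

# Order matters: refuse odd ports and unlisted destinations before prompting for a login.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny !licensed_sites
http_access allow campus_users
http_access deny all

# Authentication gateway only, no caching.
cache deny all
```

Because `access.log` records the authenticated username for each request, abuse of a licensed service can be traced back to an account.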
