Proxy with authenticated group of user from external Openldap

Ya_Ley · June 3, 2016, 2:48am

Hi
I would like use NethServer modules Web proxy and Web Content Filter with Authenticated group of user from external Openldap, please recommend to solution.

Thank you

Nas · June 6, 2016, 7:17am

@Ya_Ley you need to create Template custom in order to point Web Proxy to the external LDAP server.

Ya_Ley · June 6, 2016, 7:57am

Hi Nas
Do you have some example to create Template custom for that?
Thank you
Yaya

Ya_Ley · June 9, 2016, 8:25am

Hi
I try to use external, it work fine

auth_param basic program /usr/lib64/squid/basic_ldap_auth -b "ou=Users,dc=server,dc=localcenter,dc=local" -f 
"(&(uid=%s)(objectClass=posixAccount))" 10.50.xx.80

and then I try to use group “accessinternet” for filter but it is not work.

auth_param basic program /usr/lib64/squid/basic_ldap_auth -b "ou=Users,dc=server,dc=localcenter,dc=local"-f “(&(objectClass=posixAccount)(uid=%s)(memberof=cn=accessinternet,ou=Groups,dc=server,dc=localcenter,dc=local))” 10.50.xx.80

Please recommend
Thank you
Ya

davidep · June 9, 2016, 9:01am

I just want to point out this could work out of the box with NethServer 7. We are working on the proxy module and will release it in the next weeks.

As @nas said, you need a customization on NS6.

Ya_Ley · June 9, 2016, 10:10am

Thank you

Ya_Ley · June 10, 2016, 1:57am

Hi
To appreciate in value if the Nethserver Dev Team will add filters features like a Expression, Block searches for “proxy bypass” and “VPN”

Ya_Ley · June 15, 2016, 4:13am

When will the proxy module release on date and time? I am waiting to testing…

Ya_Ley · June 22, 2016, 6:43am

Hi
I can not waiting the NethServer 7, I will be use NethServer 6.8 so I try to test by added squidGuard.conf for filter in LDAP

#vi squidGuard.conf
ldapbinddn cn=libuser,dc=directory,dc=nh
ldapbindpass YNbN9dssaaXvae3C2

src src_vipprofile {
ldapusersearch ldap://localhost/dc=directory,dc=nh?uid?sub?(&(uid=%)

(memberOf=cn=staffnet,ou=Groups,dc=directory,dc=nh))
time workholiday {
weekly s 09:00-15:00
}
time workhours {
weekly mtwhfa 08:00-17:30
}

acl {

# Profile: staffprofile
src_staffprofile within workhours {
    pass !blacklist  !in-addr  !files  !builtin  !anonvpn  !chat  !forum  !hacking  !jobsearch  !phongsavahbank  !porn  !redirector  !spyware  !violence  !warez  !webtv  all
}

There are error in squidGuard.log and no filter in my rules.

#tail -f /var/log/squidGuard/squidGuard.log
2016-06-22 13:30:40 [3269] (squidGuard): can’t parse LDAP url ldap://localhost/dc=directory,dc=nh?uid?sub?(&(uid=%)(memberOf=cn=staffnet,ou=Groups,dc=directory,dc=nh))
2016-06-22 13:30:40 [3269] Added LDAP source: staff1

Please help to fix
Thank you

giacomo · June 22, 2016, 7:02am

You can find the latest version of proxy/web filter released a couple of days ago, inside the nethserver-testing repository.

Ya_Ley · June 24, 2016, 11:22am

Hi

Thank you

jgjimenezs · July 8, 2016, 10:26am

Hi @Ya_Ley

I was reading:

NethServer to join OpenLDAP works
Filter the contents will not work
You can view users profile content filter?

Ya_Ley · July 8, 2016, 2:49pm

Hi @jgjimenezs
For squid, I can not filters by LDAP group
For SquidGuard ,can filters by LDAP group
I want add syntax the external LDAP to templates

Ya_Ley · July 12, 2016, 2:53am

I try to add the template squid.conf/20acl_10_auth but syntax error, please help