Proxy with authenticated group of user from external Openldap

I would like use NethServer modules Web proxy and Web Content Filter with Authenticated group of user from external Openldap, please recommend to solution.

Thank you

@Ya_Ley you need to create Template custom in order to point Web Proxy to the external LDAP server.

Hi Nas
Do you have some example to create Template custom for that?
Thank you

I try to use external, it work fine

auth_param basic program /usr/lib64/squid/basic_ldap_auth -b "ou=Users,dc=server,dc=localcenter,dc=local" -f 
"(&(uid=%s)(objectClass=posixAccount))" 10.50.xx.80

and then I try to use group “accessinternet” for filter but it is not work.

auth_param basic program /usr/lib64/squid/basic_ldap_auth -b "ou=Users,dc=server,dc=localcenter,dc=local"-f “(&(objectClass=posixAccount)(uid=%s)(memberof=cn=accessinternet,ou=Groups,dc=server,dc=localcenter,dc=local))” 10.50.xx.80

Please recommend
Thank you

I just want to point out this could work out of the box with NethServer 7. We are working on the proxy module and will release it in the next weeks.

As @nas said, you need a customization on NS6.

Thank you

To appreciate in value if the Nethserver Dev Team will add filters features like a Expression, Block searches for “proxy bypass” and “VPN”

When will the proxy module release on date and time? I am waiting to testing…

I can not waiting the NethServer 7, I will be use NethServer 6.8 so I try to test by added squidGuard.conf for filter in LDAP

#vi squidGuard.conf
ldapbinddn cn=libuser,dc=directory,dc=nh
ldapbindpass YNbN9dssaaXvae3C2

src src_vipprofile {
ldapusersearch ldap://localhost/dc=directory,dc=nh?uid?sub?(&(uid=%)

time workholiday {
weekly s 09:00-15:00
time workhours {
weekly mtwhfa 08:00-17:30

acl {

# Profile: staffprofile
src_staffprofile within workhours {
    pass !blacklist  !in-addr  !files  !builtin  !anonvpn  !chat  !forum  !hacking  !jobsearch  !phongsavahbank  !porn  !redirector  !spyware  !violence  !warez  !webtv  all

There are error in squidGuard.log and no filter in my rules.

#tail -f /var/log/squidGuard/squidGuard.log
2016-06-22 13:30:40 [3269] (squidGuard): can’t parse LDAP url ldap://localhost/dc=directory,dc=nh?uid?sub?(&(uid=%)(memberOf=cn=staffnet,ou=Groups,dc=directory,dc=nh))
2016-06-22 13:30:40 [3269] Added LDAP source: staff1

Please help to fix
Thank you

You can find the latest version of proxy/web filter released a couple of days ago, inside the nethserver-testing repository.

1 Like


Thank you

Hi @Ya_Ley

I was reading:

  1. NethServer to join OpenLDAP works
  2. Filter the contents will not work
  3. You can view users profile content filter?

Hi @jgjimenezs
For squid, I can not filters by LDAP group
For SquidGuard ,can filters by LDAP group
I want add syntax the external LDAP to templates

I try to add the template squid.conf/20acl_10_auth but syntax error, please help