summaryrefslogtreecommitdiff
path: root/docs/services
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2019-05-09 23:10:12 +0200
committerChristian Poessinger <christian@poessinger.com>2019-05-09 23:10:12 +0200
commitcecc4a22b1249bcb9d14d95780187bdc3e375f0b (patch)
treefdaabc382aec68d8a5fb342c8a8ae134dd1cdc8b /docs/services
parent8a435adaf4f78243a1d7e5228dc115412415c90f (diff)
downloadvyos-documentation-cecc4a22b1249bcb9d14d95780187bdc3e375f0b.tar.gz
vyos-documentation-cecc4a22b1249bcb9d14d95780187bdc3e375f0b.zip
webproxy: add LDAP/AD authentication
Diffstat (limited to 'docs/services')
-rw-r--r--docs/services/webproxy.rst27
1 files changed, 26 insertions, 1 deletions
diff --git a/docs/services/webproxy.rst b/docs/services/webproxy.rst
index d1c2ca2e..096a80cd 100644
--- a/docs/services/webproxy.rst
+++ b/docs/services/webproxy.rst
@@ -79,7 +79,32 @@ first. Otherwise you will not be able to commit the config changes.
Authentication
^^^^^^^^^^^^^^
-TBD: https://wiki.vyos.net/wiki/Web_proxy_LDAP_authentication
+The embedded Squid proxy can use LDAP to authenticate users against a company
+wide directory. The following configuration is an example of how to use Active
+Directory as authentication backend. Queries are done via LDAP.
+
+.. code-block:: sh
+
+ vyos@vyos# show service webproxy
+ authentication {
+ children 5
+ credentials-ttl 60
+ ldap {
+ base-dn DC=rgtest,DC=local
+ bind-dn CN=proxyuser,CN=Users,DC=rgtest,DC=local
+ filter-expression (cn=%s)
+ password Qwert1234
+ server 192.168.188.201
+ username-attribute cn
+ }
+ method ldap
+ realm "VyOS Webproxy"
+ }
+ cache-size 100
+ default-port 3128
+ listen-address 192.168.188.103 {
+ disable-transparent
+ }
Adjusting cache size
^^^^^^^^^^^^^^^^^^^^