diff options
author | Christian Poessinger <christian@poessinger.com> | 2019-05-09 23:10:12 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2019-05-09 23:10:12 +0200 |
commit | cecc4a22b1249bcb9d14d95780187bdc3e375f0b (patch) | |
tree | fdaabc382aec68d8a5fb342c8a8ae134dd1cdc8b /docs/services | |
parent | 8a435adaf4f78243a1d7e5228dc115412415c90f (diff) | |
download | vyos-documentation-cecc4a22b1249bcb9d14d95780187bdc3e375f0b.tar.gz vyos-documentation-cecc4a22b1249bcb9d14d95780187bdc3e375f0b.zip |
webproxy: add LDAP/AD authentication
Diffstat (limited to 'docs/services')
-rw-r--r-- | docs/services/webproxy.rst | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/docs/services/webproxy.rst b/docs/services/webproxy.rst index d1c2ca2e..096a80cd 100644 --- a/docs/services/webproxy.rst +++ b/docs/services/webproxy.rst @@ -79,7 +79,32 @@ first. Otherwise you will not be able to commit the config changes. Authentication ^^^^^^^^^^^^^^ -TBD: https://wiki.vyos.net/wiki/Web_proxy_LDAP_authentication +The embedded Squid proxy can use LDAP to authenticate users against a company +wide directory. The following configuration is an example of how to use Active +Directory as authentication backend. Queries are done via LDAP. + +.. code-block:: sh + + vyos@vyos# show service webproxy + authentication { + children 5 + credentials-ttl 60 + ldap { + base-dn DC=rgtest,DC=local + bind-dn CN=proxyuser,CN=Users,DC=rgtest,DC=local + filter-expression (cn=%s) + password Qwert1234 + server 192.168.188.201 + username-attribute cn + } + method ldap + realm "VyOS Webproxy" + } + cache-size 100 + default-port 3128 + listen-address 192.168.188.103 { + disable-transparent + } Adjusting cache size ^^^^^^^^^^^^^^^^^^^^ |