squidGuard - Tips for using LDAP
Some users have experienced problems running squidGuard with LDAP
authentication. In most cases squidGuard reported a syntax or
parsing error on startup when the ldapsearch line was read
in. This can be the result of several shortcomings. The list
below is compiled from our own experience and user feedback.
Hopefully it helps you to set up LDAP authentication with
squidGuard successfully.
Please check your installation for the following topics:
- flex and bison
Make sure that you have flex and bison installed.
You can compile squidGuard without them, but then LDAP will not
work. If the squidGuard build detects that flex and/or bison
are missing, it uses previously generated files and includes
them in the code. These flex and bison files have been
created without any additional options (to ensure that they
can run on most systems).
- Using RPMs
Not all available RPMs have the LDAP functionality
compiled in. If no LDAP libraries (or LDAP itself) are
on the list of requirements, there is a good chance that
the package was built without it. You may wish to check
with the vendor of the RPM.
If you are building squidGuard from the sources, check
the next topics.
- ldap libraries
In order to use the LDAP functionality, the system must have the proper
LDAP libraries and include files installed (openldap works fine).
- configure with ldap
Before you compile squidGuard you must run configure with the ldap option activated:
Running configure with ldap option:
- name resolution
Make sure that the system squidGuard is running on can properly
resolve its own name.
It has been reported that a syntax error shows up if the system
cannot resolve its own name properly.
- AD forest: answering with referrals
Currently squidGuard is not able to handle referrals as an answer from
an Active Directory. If you don't need referrals in your environment
you can turn them off. Otherwise you have to specify a fixed server
and path where the user information can be obtained. Please take a
look at the "What to do with Active
Directory Referals?" page how users solved this problem in their
- configuration errors
Make sure that there are no typos in your configuration and that the
correct host is addressed to look up the correct group membership
with the correct password in the correct LDAP tree.
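
The checks from the list above (flex and bison, LDAP include files, an LDAP library linked into the binary, the host resolving its own name) as a preflight script. This is an added example, not part of squidGuard or of the original page; the install path /usr/local/bin/squidGuard, the include directories and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not part of squidGuard. Install path and include dirs are assumptions.

# have_tool NAME: true if NAME is on PATH (flex and bison are needed at build time).
have_tool() { command -v "$1" >/dev/null 2>&1; }

# have_ldap_headers DIR...: true if ldap.h exists in one of the given include dirs.
have_ldap_headers() {
    for dir in "$@"; do
        [ -f "$dir/ldap.h" ] && return 0
    done
    return 1
}

# links_ldap: reads ldd output on stdin; true if an LDAP client library is listed.
links_ldap() { grep -Eq 'libldap[^[:space:]]*\.so'; }

# resolves_name NAME: 0 if the resolver finds NAME, 1 if not, 2 if getent is missing.
resolves_name() {
    have_tool getent || return 2
    getent hosts "$1" >/dev/null 2>&1 || return 1
}

report() { printf '%-5s %s\n' "$1" "$2"; }

preflight() {
    sg_bin=${1:-/usr/local/bin/squidGuard}   # assumed install path
    failed=0
    for tool in flex bison; do
        if have_tool "$tool"; then report OK "$tool found"
        else report FAIL "$tool missing, LDAP will not work"; failed=1; fi
    done
    if have_ldap_headers /usr/include /usr/local/include; then report OK "ldap.h found"
    else report FAIL "ldap.h not found in the assumed include dirs"; failed=1; fi
    if [ -x "$sg_bin" ] && have_tool ldd; then
        if ldd "$sg_bin" 2>/dev/null | links_ldap; then report OK "LDAP library linked"
        else report FAIL "$sg_bin links no LDAP library"; failed=1; fi
    else report SKIP "$sg_bin or ldd not available"; fi
    host=$(uname -n); rc=0
    resolves_name "$host" || rc=$?
    case $rc in
        0) report OK "host name $host resolves" ;;
        2) report SKIP "getent missing, name resolution not tested" ;;
        *) report FAIL "host name $host does not resolve"; failed=1 ;;
    esac
    return "$failed"
}

preflight "$@" || true   # print the report; never abort the calling shell
```

Pass the path of the squidGuard binary as the first argument if it is installed elsewhere. The ldd check is a heuristic for packaged binaries: it only shows whether an LDAP client library is dynamically linked.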