Jan 9

Endian Firewall - LDAP + Proxy Authentication

Category: Nox

A few months back I gave up on my test of proxy authentication via LDAP in Endian Firewall, since something in Endian prevented users from authenticating correctly against my LDAP servers. Last week, however, I found the cause, and the fix below should let you configure Endian's HTTP proxy authentication correctly with any LDAP server.

(screenshot: efw-ldap-nox.PNG)

The culprit is the LDAP configuration that Endian generates inside squid.conf, shown below (bind DN, password and server address are placeholders; note that the bind password sits in clear text in this file, so use a read-only bind account and keep squid.conf readable only by root and the squid user):

# START AUTHENTICATION (NOX)
# METHOD is LDAP
auth_param basic program /usr/lib/squid/squid_ldap_auth -b "dc=no-x,dc=org" -d -D "cn=yours,dc=no-x,dc=org" -w "password" -f "(&(&(objectClass=person)(uid=%s))(|))" -u uid -v 3 -P xx.xx.xx.xx:389
auth_param basic children 20
auth_param basic realm LOGIN
auth_param basic credentialsttl 60 minutes

  1. The (|) term (an OR with no operands) makes the search fail: squid's cache.log reports an error while looking up the user's uid during proxy authentication, and no matter what you try, users cannot authenticate against the LDAP server. An empty OR is not valid filter syntax under RFC 4515; servers that implement the RFC 4526 extension treat it as "absolute false", so even where it is accepted the AND around it can never match, and servers without that extension reject the whole filter as malformed.
  2. Manual changes to the LDAP authentication lines in squid.conf are overwritten with Endian's default squid.conf as soon as you reload or restart squid via the Endian Proxy Web Access (GUI).

To confirm this, I searched for the user (herry) with a free LDAP browser (LdapSoft), using Endian's default filter:

(screenshot: ldapsoft-search-filter.PNG)

(&(&(objectClass=person)(uid=%s))(|)), which produced a filter error:

(screenshot: ldapsoft-search-result.PNG)

Then I removed the (|) term and LdapSoft found the user: (screenshots: ldapsoft-search-filter2.PNG, ldapsoft-search-result2.PNG)
Next, I manually changed the LDAP authentication line in squid.conf to the one below, with the (|) term removed. The remaining inner (&...) nesting is redundant but harmless; (&(objectClass=person)(uid=%s)) is equivalent.

# START AUTHENTICATION (NOX)
# METHOD is LDAP
auth_param basic program /usr/lib/squid/squid_ldap_auth -b "dc=no-x,dc=org" -d -D "cn=yours,dc=no-x,dc=org" -w "password" -f "(&(&(objectClass=person)(uid=%s)))" -u uid -v 3 -P xx.xx.xx.xx:389
auth_param basic children 20
auth_param basic realm LOGIN
auth_param basic credentialsttl 60 minutes

As expected, I was finally able to authenticate to my Endian proxy server without issue.
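To make the failure reproducible without an LDAP server, here is an added example (my own code, not Endian's or Squid's): a minimal RFC 4515 filter parser and evaluator. It substitutes the login name into the two filter templates above the way squid_ldap_auth is expected to (with the filter metacharacters escaped, so a login such as herry)(uid=* cannot rewrite the filter), checks whether a strict RFC 4515 server would accept the result, and evaluates it against a constructed entry for user herry using RFC 4526 semantics (empty AND is true, empty OR is false). The sample entry, the login names and the hypothetical server behaviour are assumptions for illustration.

```python
# Added example (not Endian's or Squid's code): a minimal RFC 4515 filter
# parser and evaluator, used to show why Endian's default squid_ldap_auth
# filter can never authenticate anyone.  Sample entry and users are constructed.
import re


class FilterError(ValueError):
    """Filter string is not valid under strict RFC 4515."""


# Filter templates exactly as they appear in squid.conf (%s = login name).
ENDIAN_DEFAULT = "(&(&(objectClass=person)(uid=%s))(|))"
FIXED = "(&(objectClass=person)(uid=%s))"

# Constructed directory entry for user "herry"; attribute names are matched
# case-insensitively, so they are stored lower-cased here.
SAMPLE_ENTRY = {
    "objectclass": ["top", "person", "inetOrgPerson"],
    "uid": ["herry"],
}


def escape_value(value):
    """RFC 4515 escaping of an assertion value: ( ) * \\ and NUL become \\XX."""
    return "".join("\\%02x" % ord(c) if c in "()*\\\x00" else c for c in value)


def unescape_value(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def build_filter(template, login):
    """Substitute the escaped login name for %s (what the helper is meant to do)."""
    return template.replace("%s", escape_value(login))


_SIMPLE = re.compile(r"([A-Za-z][A-Za-z0-9.;-]*)=([^()]*)")


def _parse(text, pos, allow_rfc4526):
    if pos >= len(text) or text[pos] != "(":
        raise FilterError("expected '(' at offset %d" % pos)
    pos += 1
    if pos >= len(text):
        raise FilterError("unterminated filter")
    op = text[pos]
    if op in "&|":
        pos += 1
        items = []
        while pos < len(text) and text[pos] == "(":
            node, pos = _parse(text, pos, allow_rfc4526)
            items.append(node)
        if not items and not allow_rfc4526:
            # '(&)' / '(|)' are undefined in RFC 4515; only RFC 4526 gives
            # them a meaning (absolute true / absolute false).
            raise FilterError("empty '%s' filter at offset %d" % (op, pos))
        node = ("and" if op == "&" else "or", items)
    elif op == "!":
        inner, pos = _parse(text, pos + 1, allow_rfc4526)
        node = ("not", inner)
    else:
        m = _SIMPLE.match(text, pos)
        if not m:
            raise FilterError("bad simple filter at offset %d" % pos)
        node = ("eq", m.group(1).lower(), m.group(2))
        pos = m.end()
    if pos >= len(text) or text[pos] != ")":
        raise FilterError("expected ')' at offset %d" % pos)
    return node, pos + 1


def parse(text, allow_rfc4526=False):
    """Parse a filter into a tuple tree; empty AND/OR only pass with allow_rfc4526."""
    node, pos = _parse(text, 0, allow_rfc4526)
    if pos != len(text):
        raise FilterError("trailing data at offset %d" % pos)
    return node


def strict_ok(text):
    """True if a server implementing only RFC 4515 would accept the filter."""
    try:
        parse(text)
        return True
    except FilterError:
        return False


def matches(node, entry):
    """Evaluate a parsed filter against an entry (dict attr -> values),
    RFC 4526 style: empty AND is true, empty OR is false."""
    kind = node[0]
    if kind == "and":
        return all(matches(n, entry) for n in node[1])
    if kind == "or":
        return any(matches(n, entry) for n in node[1])
    if kind == "not":
        return not matches(node[1], entry)
    values = [v.lower() for v in entry.get(node[1], [])]
    if node[2] == "*":  # presence filter (attr=*)
        return bool(values)
    return unescape_value(node[2]).lower() in values


def evaluate(text, entry):
    """Would a server that supports RFC 4526 find the entry with this filter?"""
    return matches(parse(text, allow_rfc4526=True), entry)


if __name__ == "__main__":
    for name, tpl in (("Endian default", ENDIAN_DEFAULT), ("fixed", FIXED)):
        f = build_filter(tpl, "herry")
        print("%-14s %s  rfc4515-valid=%s  finds-herry=%s"
              % (name, f, strict_ok(f), evaluate(f, SAMPLE_ENTRY)))
```

Run stand-alone it prints one line per template: the Endian default is rejected by a strict parser and, even when the (|) is tolerated, never finds herry; the fixed filter is valid and matches. The same two checks are what you get from an LDAP browser such as LdapSoft, just without needing the server.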

(screenshots: efw-ldap-authenticate.png, efw-ldap-authenticate2.png)

Finally, to keep Endian from reverting squid.conf to its default, don't restart the proxy via Endian Web Access; do it from the command line instead (/etc/init.d/squid restart). Bear in mind that any later proxy change made through the GUI regenerates squid.conf and brings the broken filter back, so re-check the auth_param basic program line after touching the proxy settings in the GUI.

Notes : I successfully tested the above configuration against OpenLDAP 2.3.24 and SLES 9 eDirectory.

athlon_crazy 10:03pm 09/01/2010
