I have a pfSense router with 25 clients (Linux and Windows). I want to filter the internet traffic for some of the clients using SquidGuard. I have researched the options and I would like to use OpenLDAP for auth on each client and Squid filtering. I have browsed the pfSense documentation and all I can find is connecting pfSense with an external OpenLDAP server, but not installing OpenLDAP on pfSense.

cornel

1 Answer

pfSense is a firewall and it should stay a firewall. Increasing the attack surface by installing other kinds of software isn't a very good idea.

Run the OpenLDAP server on different hardware. Using it for 25 users is a very lightweight task that can run on quite a small machine or VM.

Sven
  • It makes sense, but as you pointed out, the network is small and it isn't worth keeping 2 servers running. – cornel Jan 20 '16 at 13:05
  • I disagree. The OpenLDAP service doesn't belong on the pfSense machine, and if you need the service, you need the hardware. I don't necessarily recommend this, but the OpenLDAP server could potentially be something as simple as a Raspberry Pi. – Sven Jan 20 '16 at 13:07