Hi, I would like to authenticate Active Directory users via LDAP and group membership. My setup seems to work fine except for one little thing. First here is my config: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 40 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 1 minutes external_acl_type LDAPGROUP %LOGIN /usr/libexec/squid_ldap_group -b "ou=MYCIE,dc=mycie,dc=com" -D "cn=USERNAME,ou=ITS,ou=MYCIE,dc=mycie,dc=com" -w MYPASS -f "(&(samAccountName=%v)(memberOf=cn=%a,ou=ITS,ou=MYCIE,dc=mycie,dc=com))" -p 389 -S -P -d -h 10.64.1.10 acl AXS external LDAPGROUP Internet_access http_access allow AXS all http_access deny all It works fine, if the user is in the AD group Internet_access, he can browse the internet, if he's not in the group, he can't. The problem: The problem is if I modify a user access (remove or add in Internet_access) I need to use "squid -k reconfigure" to apply the changes. Is there something I can change that wouldn't required a squid reconfigure? I also seen some post about squid_ldap_auth, does it only support basic auth? Would it solve my problem? Thanks for the help, Jean-Philippe