Hi, I am using Squid-2.5-STABLE7 as proxy on SLES 8 for users to authenticate the browser access to the internet, the password authentication works well until the Novell NDS changed to a new tree structure which I have also changed accordingly in the squid.conf. The old NDS tree that had worked well with squid LDAP settings are as follow: ============================================== Old NDS LDAP structure, cn=proxy,ou=access,ou=mckell,o=dpws Squid.conf auth_param and external acl type; auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b o=dpws -f cn=%s pws-is2-nsrv external_acl_type ldap_group concurrency=5 %LOGIN /usr/local/squid/libexec/squid_ldap_group -s sub -b ou=access,ou=mckell,o=dpws -f (&(cn=%g)(uniquemember=%u)) -B o=dpws -F (cn=%s) pws-is2-nsrv acl WEBGROUP external ldap_group Proxy The NEW NDS's tree that failed to work with squid has the following settings: ============================================== New NDS LDAP structure, cn=proxy,ou=People,o=commid Squid.conf auth_param and external acl type; auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b o=commid -f cn=%s EDIR1NW external_acl_type ldap_group concurrency=5 %LOGIN /usr/local/squid/libexec/squid_ldap_group -s sub -b ou=People,o=commid -f (&(cn=%g)(uniquemember=%u)) -B o=commid -F (cn=%s) EDIR1NW acl WEBGROUP external ldap_group Proxy I used tcpdump to monitor LDAP packets between the client and the new NDS server EDIR1NW and saw the ldap packets communicating. I can not see any messages/erros why the authentication failed. I don't believe there is anything wrong with the new NDS server because other Novell clients work well with it. Can someone please shed light on this problem. Many thanks. Regards, Daniel Lim NSW Dept. of Commerce Sydney ****************************************************************************** This email message, including any attached files, is confidential and intended solely for the use of the individual or entity to whom it is addressed. The NSW Department of Commerce prohibits the right to publish, copy, distribute or disclose any information contained in this email, or its attachments, by any party other than the intended recipient. If you have received this email in error please notify the sender and delete it from your system. No employee or agent is authorised to conclude any binding agreement on behalf of the NSW Department of Commerce by email. The views or opinions presented in this email are solely those of the author and do not necessarily represent those of the Department, except where the sender expressly, and with authority, states them to be the views of NSW Department of Commerce. The NSW Department of Commerce accepts no liability for any loss or damage arising from the use of this email and recommends that the recipient check this email and any attached files for the presence of viruses. ******************************************************************************
