We have a few production Squid proxy servers running various STABLE versions of Squid 2.5 and are encountering some issues as we upgrade our domain controllers from Windows 2000 to Windows 2003. The proxy servers query the LDAP directory for user access control.

Ideally, we would like all proxy servers to use a base dn that allows them to search the entire domain ("dn=domain,dn=lan"). When querying Windows 2000 domain controllers this works perfectly. However, when we point these proxy servers to Windows 2003 domain controllers for LDAP queries, squid_ldap_auth fails. I have found that if I specify an ou for the base dn it works fine ("ou=site1,dn=domain,dn=lan"). So, it seems that Windows 2003 domain controllers have added security that stops searches beginning from the base of the domain and searches must start within an ou.

Has anyone encountered this? Are there any fixes that anyone is aware of? Any help is greatly appreciated.

Thanks,
Colin