Colin Farley wrote:
> We have a few production squid proxy servers running various STABLE
> versions of squid 2.5 and are encountering some issues as we upgrade our
> Domain controllers from windows 2000 to windows 2003. The proxy servers
> query the LDAP directory for user access control.
> Ideally, we would like all proxy servers to use a base dn that allows them
> to search the entire domain ("dn=domain,dn=lan"), when querying Windows
> 2000 domain controllers this works perfectly. However, when we point
> these proxy servers to Windows 2003 domain controllers for LDAP queries
> squid_ldap_auth fails.
> I have found that if I specify an ou for the base dn it works fine
> ("ou=site1,dn=domain,dn=lan"). So, it seems that Windows 2003 domain
> controllers have added security that stops searches beginning from the
> base of the domain and searches must start within an ou.
Have you configured squid_ldap_auth to bind using a user account?
Adam
