Yes, I have. The searches are being performed by an authenticated user.

Thanks,
Colin

From: Adam Aube <aaube01@xxxxxxxxu>
Sent by: news <news@xxxxxxxxxxxrg>
Date: 11/10/2005 08:51 AM
To: squid-users@xxxxxxxxxxxxxxx
cc:
Subject: Re: squid_ldap_auth and Windows 2003 AD

Colin Farley wrote:

> We have a few production squid proxy servers running various STABLE
> versions of squid 2.5 and are encountering some issues as we upgrade our
> domain controllers from Windows 2000 to Windows 2003. The proxy servers
> query the LDAP directory for user access control.
>
> Ideally, we would like all proxy servers to use a base dn that allows them
> to search the entire domain ("dn=domain,dn=lan"); when querying Windows
> 2000 domain controllers this works perfectly. However, when we point
> these proxy servers to Windows 2003 domain controllers for LDAP queries
> squid_ldap_auth fails.
>
> I have found that if I specify an ou for the base dn it works fine
> ("ou=site1,dn=domain,dn=lan"). So, it seems that Windows 2003 domain
> controllers have added security that stops searches beginning from the
> base of the domain and searches must start within an ou.

Have you configured squid_ldap_auth to bind using a user account?

Adam