Thanks Henrik.

I want to share some information here which would help someone.

This is the exact command which did the trick for me.

    auth_param basic program /usr/lib/squid/squid_ldap_auth -b "ou=yyy,dc=xxx,dc=com" -H ldaps://ldapserver.domain.com:636 -v 3 -f "uid=%s"

By running 'openssl s_client -connect ldap:636' I got to see the exact Common Name (CN) and had to specify it in the command like above. I got to see successful ldaps connections on my ldap server.

Hopefully -Z is no more needed for me. Please correct me if I am wrong.

To avoid sending plain text from the browser to the Squid proxy, I created an ssh tunnel using my putty (from localhost port 8080 to proxy:8080), and I specified localhost in the browser. This seems to be working fine, except that I need to keep the putty session open always.

Obviously none of the users want to open a session on their desktop browser while browsing. Now I am exploring a way to create this ssh tunnel using some script which should not need any action from the end user.

I would appreciate it if someone has some information to share.

Thanks,
Best Regards,
Bhagwan

-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx]
Sent: Friday, June 15, 2007 3:36 PM
To: Vootla, Bhagwan
Cc: squid-users@xxxxxxxxxxxxxxx; squid-dev@xxxxxxxxxxxxxxx
Subject: RE: Squid + ldap +ssl Secure authentication

Fri 2007-06-15 at 12:42 -0400, Vootla, Bhagwan wrote:

> Using -Z option still returns me "Could not Activate TLS connection"
> I also tried with -p 636, which does not return me anything. Somehow I
> need to implement this to meet the deadline (tomorrow).

-Z is LDAPv3 STARTTLS on the normal LDAP port.

To use the older LDAPv2 over SSL you need to use -H ldaps://servername/

Regards
Henrik
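
Added example, not part of the original thread: a small lint for squid.conf helper lines that applies the distinction discussed above (-Z is STARTTLS on the normal LDAP port, -H ldaps:// is LDAP over SSL). The function name, the result labels and every sample line except the first are constructed for illustration, and the option scan is a simplification that looks only at -H, -p and -Z.

```python
import shlex
from urllib.parse import urlparse

# First line is the command from the thread; the rest are constructed variants.
SAMPLES = [
    'auth_param basic program /usr/lib/squid/squid_ldap_auth -b "ou=yyy,dc=xxx,dc=com" '
    '-H ldaps://ldapserver.domain.com:636 -v 3 -f "uid=%s"',
    'auth_param basic program /usr/lib/squid/squid_ldap_auth -b "ou=yyy,dc=xxx,dc=com" '
    '-h ldapserver.domain.com -Z -v 3 -f "uid=%s"',
    'auth_param basic program /usr/lib/squid/squid_ldap_auth -b "ou=yyy,dc=xxx,dc=com" '
    '-h ldapserver.domain.com -p 636 -Z -f "uid=%s"',
    'auth_param basic program /usr/lib/squid/squid_ldap_auth -b "ou=yyy,dc=xxx,dc=com" '
    '-h ldapserver.domain.com -f "uid=%s"',
    'auth_param basic program /usr/lib/squid/squid_ldap_auth -b "ou=yyy,dc=xxx,dc=com" '
    '-H ldaps://ldapserver.domain.com:636 -Z -f "uid=%s"',
]

def ldap_transport(line):
    """Classify how a squid_ldap_auth helper line protects the LDAP bind.

    Returns one of: "ldaps", "starttls", "plaintext", "mismatch".
    """
    tokens = shlex.split(line)          # honours the quoted -b / -f values
    starttls = "-Z" in tokens
    scheme, port = "ldap", None
    for flag, value in zip(tokens, tokens[1:]):
        if flag == "-p" and value.isdigit():
            port = int(value)
        elif flag == "-H":
            uri = urlparse(value)
            scheme = uri.scheme.lower()
            port = uri.port or port
    if scheme == "ldaps":
        # TLS starts at connect time; asking for STARTTLS on top is a mismatch.
        return "mismatch" if starttls else "ldaps"
    if port == 636:
        # Plain ldap scheme (with or without -Z) pointed at the LDAP-over-SSL port.
        return "mismatch"
    return "starttls" if starttls else "plaintext"

if __name__ == "__main__":
    for sample in SAMPLES:
        print(ldap_transport(sample), "<-", sample.split("squid_ldap_auth", 1)[1].strip())
```

A "plaintext" result means the user's password crosses the network to the LDAP server unencrypted; a "mismatch" result corresponds to the failing -Z / -p 636 combination described in the quoted message.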