Hi,

I am using squid_ldap_auth on squid version 2.6.STABLE13+ICAP on FreeBSD and I'm trying to authenticate against a 2003 server with the following setup.

|- DC=my.local
|-- OU=CapeTown
|--- Group = CapeInternet
|--- User = Zelda
|-- OU=Durban
|--- Group = DurbanInternet
|--- User = Jason
|-- OU=Groups
|--- Group = FullInternet
|-- CN=Users
|--- User=Admin

Now the group FullInternet has got a nested member list, i.e. FullInternet has the following members:

User=Admin
Group=CapeInternet
Group=DurbanInternet

Then the CapeInternet has a member of User=Zelda and the group DurbanInternet has a member User=Jason.

So it's a nested group statement where the main OUs for the regions are not located in one container but under the main DC. The members in the Regional OUs are only members of their OU's internet group and not part of the full internet group.

My search filter is as follows:

(&(sAMAccountName=%s)(memberOf=CN=FullInternet,OU=Groups,DC=my,DC=local))

Now, I have got sub tree searching on, and always follow referrals and always dereference aliases are on. When joining the domain I join to DC=my,DC=local and not into the Users container.

When squid is running I can authenticate the Admin user as that user is a direct member of the FullInternet group, but I need to get the users in their regional OUs authenticated if they are down-the-line members. I also can't put in all the groups into my search string because there are over 150 OUs that are under the main DC and the administrator is not willing to change it.

Any ideas as to how I could get this to work?

Thanks in advance,
Ian
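
Why the posted filter matches Admin but not Zelda or Jason, as an added example that is not part of the original post: memberOf lists only an entry's direct groups, so a one-hop comparison misses nested members, while walking the group chain finds them. The in-memory directory and the function names are constructed for illustration, and the group DNs under OU=CapeTown and OU=Durban are assumed from the posted layout.

```python
# Constructed model of the directory in the post; DNs follow the posted filter.
BASE = "DC=my,DC=local"
FULL = f"CN=FullInternet,OU=Groups,{BASE}"
CAPE = f"CN=CapeInternet,OU=CapeTown,{BASE}"      # assumed DN
DURBAN = f"CN=DurbanInternet,OU=Durban,{BASE}"    # assumed DN

# memberOf holds only the groups an entry is a *direct* member of.
MEMBER_OF = {
    "Admin": [FULL],
    "Zelda": [CAPE],
    "Jason": [DURBAN],
    CAPE: [FULL],
    DURBAN: [FULL],
}


def direct_match(user, group):
    """One-hop test, as in (&(sAMAccountName=%s)(memberOf=<group>))."""
    return group.lower() in (g.lower() for g in MEMBER_OF.get(user, []))


def nested_match(user, group):
    """Walk memberOf upward through parent groups, guarding against cycles."""
    target = group.lower()
    seen, stack = set(), [user]
    while stack:
        entry = stack.pop()
        for parent in MEMBER_OF.get(entry, []):
            key = parent.lower()  # DN comparison is case-insensitive
            if key == target:
                return True
            if key not in seen:   # a group can be nested in a loop
                seen.add(key)
                stack.append(parent)
    return False


if __name__ == "__main__":
    for user in ("Admin", "Zelda", "Jason"):
        print(user, direct_match(user, FULL), nested_match(user, FULL))
```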