On Thu, 2008-03-20 at 10:39 +0200, Dmitry SUROVTSEV wrote: > Ok, thank you for explanation. > But I still do not understand why squid_ldap_group does not work > without -R option. And how to force it to make a real request to PDC, > not just serch top-level groups... Here is some speculations: a) Perhaps the base DN or access protocol you have given is not proper. b) squid_ldap_auth by default searches the whole tree below the given base DN, but maybe your other groups is elsewhere in your LDAP tree? It's very hard to answer these questions without also seeing the data in your LDAP server, base DNs, what the redirects looks like etc. I would recommend you to explote the LDAP server a bit using OpenLDAP ldapsearch, this behaves pretty much the same as squid_ldap_auth. Regards Henrik