mån 2008-10-13 klockan 13:31 +0100 skrev Ian.Large@xxxxxxxxxxxxxxxxxxxxxxxxx: > -f "(&(sAMAccountName=%s)(memberOf=CN=InternetUsers,OU=Groups,OU=ND House > (slh / wel),OU=UK,DC=cs-plc,DC=salvesen,DC=com))" > squid_ldap_auth: WARNING, LDAP search error 'Bad search filter' This is most likely from the () in your OU. () is special characters in LDAP search filters. Try adding backslash infront of the parantesis. Also try adding the -d command line option to squid_ldap_auth. This makes the helper a bit more verbose about what it is doing, for examle showing the full expanded search filter sent to LDAP. > Has anybody got any insight? At present I've cut back the filter to -f > "sAMAccountName=%s" which is at least forcing authentication but not > checking the group membership. Note: You can use squid_ldap_group to check group memberships separately from authentication. This way you can give different rights to different user groups. Regards Henrik
