mån 2008-11-24 klockan 13:04 -0800 skrev Mike Ely: > directly a member of the acl group. What I need to do is be able to use > nested groups. (Sorry, it looks like I've stated this two different ways) nested groups unfortunately does not map very well to LDAP, and is not supported by squid_ldap_group. A nested group lookup via LDAP involves retreiving the whole group membership, looking for groups and then retreiging those groups, recursively until no further subgroups is found. In MS AD it may work doing the lookup the opposite way, querying if the user has the group listed in his user object. At least worth a try. The easiest way to see if this is the case is to use ldapserach to inspect the user object, or any other LDAP browser capable of querying you AD tree. Regards Henrik