The problem with most LDAP-auth examples is that they are written for Active Directory, and they assume the reader is an expert at understanding LDAP syntax. As such, the following appears to be meaningless with Novell eDirectory:

    uid=some-user,ou=People,dc=yourcompany,dc=com

We don't have domain controllers in Novell's eDir, so "dc=" appears to be the wrong identifier for Novell's LDAP. Instead, we have this thing called the Tree and the Org at the top level. I've played with trying random guesses like "cn=foo,ou=accounts,o=myorg,t=mytree" and it doesn't work. I don't know where to find a list of all valid LDAP identifiers (cn=, dc=, etc.) so I don't know what syntax to use. And does using "uid=" or "cn=" make a difference with AD vs eDir?

Also, what's with the commas and periods in LDAP vs Novell? Does it matter?

    Novell eDirectory: cn=user.ou=orgunit.o=org.t=tree
    LDAP: uid=some-user,ou=People,dc=yourcompany,dc=com

Will either work, or must the delimiter be a comma with LDAP?

Novell eDirectory permits spaces in the names of objects. How do you deal with spaces in LDAP objects from the command line? Do you wrap the individual item with quotes or the whole LDAP path/context in quotes?

Also, what is the debug option in the LDAP authenticator supposed to be used for? It does not appear to generate any useful output. I am looking for extensive debugging information to tell me why and how exactly it is or isn't working, like this:

    Connecting to LDAP server: foo.company.com (10.0.0.10) ...
    ** Connected.
    Using authenticated bind with user: cn=user.ou=accounts.dc=somewhere
    With password: foo
    ** Successful authenticated bind.
    Searching tree using matching pattern: "cn=%s"
    ** Actual search pattern: "cn=(whatever %s means)"
    Found the following match: (etc)

Getting only "ERR Success" as a response is quite unhelpful for an LDAP-noob to figure out what is wrong.

If I get answers to these questions I'll probably put it into the wiki page.

http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ldap

- Dale Mahalko

On Tue, Sep 22, 2009 at 6:23 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> We have a generic LDAP how-to which may or may not be useful to you...
> http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ldap
>
> Recent squid releases bundle an eDirectory helper for doing secure encrypted
> digest authentication. That auth method is also growing in its support from
> browsers etc.
>
> Hopefully someone with a bit more experience in these auth methods will
> speak up. This should give you a place to start searching anyway. Good luck.