Authorizing users via LDAP group: It is listed in the squid_ldap_group man page that using -D binddn -W secret fle is to be preferred on -D binddn -w password. While it provides extra security then printing the password in plaintext inside squid.conf. Doesnt this query itself go in clear text over the network? If this is a risk how to handle this situation? 1. Should we create a special account with minimum of rights required to query Active Directory? 2. Or perform this query over TLS? and how it can be done? 3. Allowing anonymous queries can also be configured in Active directory however it does not look appropriate. May be it has no issues in the total private setup! Please your guidance is required. regards, Bilal _________________________________________________________________ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. https://signup.live.com/signup.aspx?id=60969