Issues with squid_ldap_auth against a windows AD Server

I've been struggling with getting Squid to authenticate against AD
using squid_ldap_auth.
OS:  OEL 5.3 (Redhat)
Squid: squid-2.6.STABLE21-3.el5
I've been able to get it to authenticate successfully against SunONE
Directory Server. Our internal users aren't in that LDAP, but it
should in theory show the pieces are functional.
Here's the relevant section from squid.conf, obfuscated where necessary:

auth_param basic program /usr/lib64/squid/squid_ldap_auth -d -R -v 3
-d -b "dc=oa,dc=DOMAIN,dc=com" -D "CN=SURNAME\,
Givenname,OU=Basic,OU=Users,DC=oa,DC=DOMAIN,DC=com" -w "XXXXXX" -f
sAMAccountName=%s -h AD_SERVER.oa.domain.com
auth_param basic children 5
auth_param basic realm "Restricted Use"
auth_param basic credentialsttl 10 minutes

Having this in squid.conf gives the error:
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

However, if I copy & paste this exact line starting with
/usr/lib64/squid/squid_ldap_auth, it is successful:

bash-3.2$ /usr/lib64/squid/squid_ldap_auth -d -R -v 3 -d -b
"dc=oa,dc=DOMAIN,dc=com" -D "CN=SURNAME\,
Givenname,OU=Basic,OU=Users,DC=oa,DC=DOMAIN,DC=com" -w "XXXXXXX" -f
sAMAccountName=%s -h AD_SERVER.oa.domain.com
user2 pass
user filter 'sAMAccountName=user2', searchbase 'dc=oa,dc=DOMAIN,dc=com'
attempting to authenticate user 'CN=lastname\,
firstname,OU=Basic,OU=ISO_Users,DC=oa,DC=caiso,DC=com'
OK

Any ideas from the list?  All searches tell me the user or password is
wrong, but that's not the case.  Looks like squid's parsing of the
binddn seems broken on this.
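
One way to check whether the helper receives the same arguments from Squid as from bash, as an added example that is not part of the original post: a wrapper that logs the argument vector, with the `-w` value hidden, and then runs the real helper. The log path and the `ARGV_LOG` variable are assumptions made for illustration; the helper path is the one shown in the post.

```shell
#!/bin/sh
# Added diagnostic wrapper, not part of the original post.
# REAL_HELPER is the helper path from the post; LOG is a hypothetical location.
REAL_HELPER=/usr/lib64/squid/squid_ldap_auth
LOG=${ARGV_LOG:-/var/log/squid/ldap_auth.argv}

# Print each argument on its own line, delimited so stray quotes, backslashes
# and spaces are visible. The value following -w (bind password) is hidden.
dump_argv() {
    i=1
    hide=0
    for arg in "$@"; do
        if [ "$hide" -eq 1 ]; then
            printf 'argv[%d]=<redacted>\n' "$i"
            hide=0
        else
            printf 'argv[%d]=<%s>\n' "$i" "$arg"
            if [ "$arg" = "-w" ]; then hide=1; fi
        fi
        i=$((i + 1))
    done
}

if [ "$#" -gt 0 ]; then
    # Wrapper mode: record the argument vector, then run the real helper.
    umask 077   # the log holds the bind DN, so keep it private to this user
    { printf 'invocation ppid=%s\n' "$PPID"; dump_argv "$@"; } >> "$LOG"
    exec "$REAL_HELPER" "$@"
else
    # No arguments: show the output format on a constructed sample.
    dump_argv -D 'CN=SURNAME\, Givenname,OU=Basic,DC=oa' -w 'XXXXXX' -h AD_SERVER
fi
```

Point `auth_param basic program` at the wrapper with the same arguments, run the identical command line once from bash, and compare the two logged invocations; a difference in the `-D` line shows where the bind DN was altered before it reached the helper.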


