Hi Eugene,

yes, that's true, but this only works together with the program squid_kerb_auth. So this requires my computer to be inside a domain. I need it to work with a popup to type username and password.

I tried:

- to use squid_kerb_auth with the parameter "auth_param basic program" (DOESN'T WORK)
- to use squid_ldap_auth to authenticate and squid_kerb_ldap to search. It authenticates but doesn't search. (DOESN'T WORK)
- to use "auth_param negotiate program squid_kerb_auth" with "squid_kerb_ldap" to search, with my computer inside a domain. (IT WORKS!) But without the username/password popup.

Is there some way to join "Authentication via Popup" + "Recursive Query"?

Thanks Guys.

On Fri, Aug 10, 2012 at 12:57 AM, Eugene M. Zheganin <eugene@xxxxxxxxx> wrote:
> Hi.
>
> On 10.08.2012 01:10, Rickifer Barros wrote:
>>
>> Hi squid users,
>>
>> I have a question about the helper squid_ldap_group which I don't find
>> on the internet. I'm testing it and I noticed that it doesn't recognize
>> groups inside a group, but only reads users inside a group.
>>
>> The command I'm using is like this: external_acl_type AD_GROUP %LOGIN
>> /usr/lib/squid3/squid_ldap_group -R -P -b "dc=domain,dc=yyy" -D
>> "cn=user,dc=domain,dc=yyy" -w "password" -f
>> "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn="%a",ou="example",dc=domain,dc=yyy))"
>> -h yyy.yyy.yyy.yyy
>>
>> Is there a way for squid_ldap_group to read the groups inside the other
>> group?
>>
>
> Afaik, the only way to let the squid know about nested groups is to use a
> squid_kerb_ldap instead of the squid_ldap_group.
>
> Eugene.
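
Added example, not part of the original thread and not Squid's own code: a Python illustration of why the `memberof=` filter in the question matches only direct members, next to the same filter written with Active Directory's transitive matching rule (`LDAP_MATCHING_RULE_IN_CHAIN`, OID 1.2.840.113556.1.4.1941), with the substituted user and group values escaped per RFC 4515. It assumes the directory is Active Directory (suggested by `sAMAccountName`); the directory contents and the names `DIRECTORY`, `ldap_escape`, `group_filter` and `is_member` are constructed for illustration.

```python
# Added example: direct vs. transitive (nested) group membership, AD-style.
# DIRECTORY is constructed sample data, not taken from the thread.

IN_CHAIN = "1.2.840.113556.1.4.1941"  # Active Directory LDAP_MATCHING_RULE_IN_CHAIN

# DN -> DNs of the groups the entry is a *direct* member of (its memberOf values)
DIRECTORY = {
    "cn=alice,dc=domain,dc=yyy": ["cn=staff,ou=example,dc=domain,dc=yyy"],
    "cn=bob,dc=domain,dc=yyy": ["cn=internet,ou=example,dc=domain,dc=yyy"],
    "cn=staff,ou=example,dc=domain,dc=yyy": ["cn=internet,ou=example,dc=domain,dc=yyy"],
    "cn=internet,ou=example,dc=domain,dc=yyy": [],
}


def ldap_escape(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)


def group_filter(user, group, nested=False):
    """Build the thread's membership filter, optionally with the in-chain rule."""
    attr = f"memberOf:{IN_CHAIN}:" if nested else "memberOf"
    return (f"(&(objectclass=person)(sAMAccountName={ldap_escape(user)})"
            f"({attr}=cn={ldap_escape(group)},ou=example,dc=domain,dc=yyy))")


def is_member(dn, group_dn, nested=False):
    """Direct check reads only the entry's own memberOf; nested walks the chain."""
    seen, todo = set(), list(DIRECTORY.get(dn, []))
    while todo:
        current = todo.pop()
        if current == group_dn:
            return True
        if nested and current not in seen:  # seen-set also guards against group cycles
            seen.add(current)
            todo.extend(DIRECTORY.get(current, []))
    return False
```
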