Re: [squid-users] Re: squid_ldap_auth and Windows 2003 AD

From: Colin Farley <Colin.Farley@dont-contact.us>
Date: Thu, 10 Nov 2005 11:29:16 -0600

Yes, I have. The searches are being performed by an authenticated user.

Thanks,
Colin

                                                                           
Adam Aube <aaube01@baker.edu>
Sent by: news <news@sea.gmane.org>
11/10/2005 08:51 AM

To: squid-users@squid-cache.org
cc:
Subject: [squid-users] Re: squid_ldap_auth and Windows 2003 AD

Colin Farley wrote:

> We have a few production squid proxy servers running various STABLE
> versions of squid 2.5 and are encountering some issues as we upgrade our
> Domain controllers from windows 2000 to windows 2003. The proxy servers
> query the LDAP directory for user access control.

> Ideally, we would like all proxy servers to use a base dn that allows them
> to search the entire domain ("dn=domain,dn=lan"), when querying Windows
> 2000 domain controllers this works perfectly. However, when we point
> these proxy servers to Windows 2003 domain controllers for LDAP queries
> squid_ldap_auth fails.

> I have found that if I specify an ou for the base dn it works fine
> ("ou=site1,dn=domain,dn=lan"). So, it seems that Windows 2003 domain
> controllers have added security that stops searches beginning from the
> base of the domain and searches must start within an ou.

Have you configured squid_ldap_auth to bind using a user account?

Adam
Received on Thu Nov 10 2005 - 10:30:17 MST
