[squid-users] squid_ldap_auth and Windows 2003 AD

From: Colin Farley <[email protected]>
Date: Wed, 9 Nov 2005 15:25:37 -0600

We have a few production squid proxy servers running various STABLE
versions of squid 2.5 and are encountering some issues as we upgrade our
domain controllers from Windows 2000 to Windows 2003. The proxy servers
query the LDAP directory for user access control. Ideally, we would like
all proxy servers to use a base dn that allows them to search the entire
domain ("dn=domain,dn=lan"); when querying Windows 2000 domain controllers,
this works perfectly. However, when we point these proxy servers to
Windows 2003 domain controllers for LDAP queries, squid_ldap_auth fails. I
have found that if I specify an ou for the base dn it works fine
("ou=site1,dn=domain,dn=lan"). So, it seems that Windows 2003 domain
controllers have added security that stops searches beginning from the base
of the domain and searches must start within an ou. Has anyone encountered
this? Are there any fixes that anyone is aware of? Any help is greatly
appreciated.

Thanks,
Colin
Received on Wed Nov 09 2005 - 14:34:03 MST
