#798 LDAP Auth with AD fails

Web Proxy (40)

I have currently set up ipcop with ldap auth over AD.
If the domain is dc=example,dc=local and you are using the root node as baseDN, the authentication fails.
If you use an OU or the standard Users, everything works fine.
So I did some searching on the net and found the -R switch for the auth_ldap.
If I manually add the -R switch, everything works fine, even with the baseDN set only to dc=example,dc=local.
auth_param basic program /usr/lib/squid/suid_ldap_auth -R -b "dc=example,dc=local" ....


  • Stenzer

    Stenzer - 2012-07-16

    On the Squid home page it is also said to add the -P parameter:

    "If you want to search for the user DN and your directory does not allow anonymous searches then you must also use the -D and -w flags to specify a user DN and password to log in as to perform the searches, as in the following complex Active Directory example

    squid_ldap_auth -P -R -b "dc=your,dc=domain" -D "cn=squid,cn=users,dc=your,dc=domain" -w "secretsquidpassword" -f "(&(userPrincipalName=%s)(objectClass=Person))" activedirectoryserver"

  • Andre Luiz Rodrigues Ferreira

    This works in version 2.0.1. From what I saw, it is a bug in version 2.0.4. You are missing several lines in the code, including the part that does the authentication (ntlm_auth, ldap_auth), etc.

    Do you have any patch available to fix this bug?


    André L.R.Ferreira

  • Eric Oberlander

    Eric Oberlander - 2012-08-01

    The method of writing squid.conf was changed between versions 2.0.1 and 2.04. It is now handled by a 'helper' script called usr/local/bin/

    So, I'd look there first.
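
A check for the condition reported in this ticket, as an added example that is not part of the thread or of IPCop's code: it scans squid.conf text for LDAP helper lines whose -b base DN is the bare domain root without -R, and also notes a bind password given with -w, as in the quoted Squid example. The function names and the sample configuration are constructed for illustration; -W secretfile is the helper's option for reading the bind password from a file.

```python
import shlex

def is_domain_root(base_dn):
    """True when every RDN is a dc= component, e.g. dc=example,dc=local."""
    rdns = [r.strip().lower() for r in base_dn.split(",") if r.strip()]
    return bool(rdns) and all(r.startswith("dc=") for r in rdns)

def audit_auth_param(line):
    """Return findings for one squid.conf line; [] if it is not an LDAP helper line."""
    try:
        tokens = shlex.split(line, comments=True)
    except ValueError:  # unbalanced quotes: nothing this check can parse
        return []
    if tokens[:3] != ["auth_param", "basic", "program"] or len(tokens) < 4:
        return []
    helper, args = tokens[3], tokens[4:]
    if "ldap_auth" not in helper:
        return []
    findings = []
    base_dn = args[args.index("-b") + 1] if "-b" in args[:-1] else None
    if base_dn is None:
        findings.append("no -b base DN given")
    elif is_domain_root(base_dn) and "-R" not in args:  # the case from this ticket
        findings.append("base DN %s is the domain root but -R is missing" % base_dn)
    if "-w" in args:  # password sits in squid.conf and on the command line
        findings.append("bind password passed with -w; consider -W secretfile")
    return findings

def audit_config(text):
    """Map 1-based line number -> findings for every flagged line."""
    report = {}
    for number, line in enumerate(text.splitlines(), 1):
        found = audit_auth_param(line)
        if found:
            report[number] = found
    return report

# Constructed sample, modelled on the command lines quoted in the thread.
SAMPLE = '''\
auth_param basic program /usr/lib/squid/squid_ldap_auth -b "dc=example,dc=local" -f "(sAMAccountName=%s)" dc1.example.local
auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=example,dc=local" -D "cn=squid,cn=users,dc=example,dc=local" -w "secret" dc1.example.local
auth_param basic program /usr/lib/squid/squid_ldap_auth -b "cn=Users,dc=example,dc=local" dc1.example.local
auth_param basic children 5
'''

if __name__ == "__main__":
    for number, found in audit_config(SAMPLE).items():
        for item in found:
            print("line %d: %s" % (number, item))
```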



