squid的Ldap认证(AD),因为AD不允许匿名LDAP查询,所以需要有一个可查询的AD帐号,
  man squid_ldap_auth 的解释
     If  you  want to search for the user DN and your directory does not allow anonymous searches then you must also use the -D and -w flags to specify a user DN and password to log in as to perform the searches, as in the  following complex Active Directory example
    
squid_ldap_auth -P -R -b "dc=your,dc=domain" -D "cn=squid,cn=users,dc=your,dc=domain"
-w "squidpasswd" -f "(&(userPrincipalName=%s)(objectClass=Person))" -h ad_ip
 
 使用userPrincipalName,所以userid=userid@your.domain
 使用sAMAccountName,所以使用userid
-b basedn
-D binddn with -w
使用前测试AD是否工作正常
ldapsearch -x -b "cn=manager,dc=your,dc=domain" -D "cn=manager,dc=your,dc=domain" -w "managerpasswd" -h ad_ip
也可以使用
ldapsearch -x -b "dc=your,dc=domain" -D "cn=manager,dc=your,dc=domain" -w "managerpasswd" -h ad_ip
显示所有user
 
squid设置
 
auth_param basic program /usr/lib/squid/squid_ldap_auth -P -R -b "dc=your,dc=domain" -D "cn=ldaptest,cn=users,dc=your
,dc=domain" -w "passwd" -f "(&(userPrincipalName=%s)(objectClass=Person))" -h ip
auth_param basic children 5
auth_param basic realm squid auth system 
acl ldapauth proxy_auth REQUIRED
http_access allow ldapauth