{% extends 'squid/auth/active_directory.html' %} {% block auth_ad_general %}class="active"{%endblock%} {% block tab_content %}
{% if form.non_field_errors %}
ERROR: {% for error in form.non_field_errors %} {{ error|escape }} {% endfor %}
{% endif %}
{% csrf_token %}
{{form.dc1addr}} {% if form.dc1addr.errors %} {{form.dc1addr.errors|striptags}} {% else %} Specify the IP address or FQDN of the primary domain controller. For example, dc1.example.lan. {%endif%}
{{form.dc2addr}} {% if form.dc2addr.errors %} {{form.dc2addr.errors|striptags}} {% else %} Specify the IP address or FQDN of the backup domain controller. For example, dc2.example.lan. Optional. {%endif%}
{{form.base_dn}} {% if form.base_dn.errors %} {{form.base_dn.errors|striptags}} {% else %} Specify the Base DN to bind to when searching for the list of groups for the authenticated user. For example, dc=example,dc=lan. {%endif%}
{{form.bind_user}} {% if form.bind_user.errors %} {{form.bind_user.errors|striptags}} {% else %} Specify the name of a user who has read access to Active Directory. For example, squid or squid@example.lan. This account is used to bind to the domain controllers to look up user security group membership and for basic LDAP authentication. {%endif%}
{{form.bind_pass}} {% if form.bind_pass.errors %} {{form.bind_pass.errors|striptags}} {% else %} Specify the password for the user described above. This does not need to be an administrator; a simple non-elevated user is typically good enough. If the password is expired or not valid, considerable time will be spent trying to bind to the DC, slowing down browsing. {%endif%}

 

Secure LDAPS (port 636) or secure Global Catalog (port 3269) connections can only be used if you have manually enabled LDAPS protocol support on your domain controller. This can be done by installing the Active Directory Certificate Services / Certification Authority server role and configuring it in Enterprise CA setup type mode. Click here to view or edit currently configured LDAPS server certificates.
{% endblock %}