auth'd binds from Netscape DO work! (was: Problems with OpenLDAP 1.2 and netscape 4.51)
Rob Gabbard wrote:
> I downloaded and built 1.2 today on SGI IRIX 6.5.3m. After installing
> it, I can query the server from Netscape 4.07 and Outlook Express 4.7
> but when I attempt to from the address book in Netscape 4.51 I get a
> protocol error. Turning on the debugging mode of slapd appears to show a
> v2(slapd) vs. v3(netscape) conflict.
>
> Any help ?
>
Okay... the thought that auth'd binds from Netscape Communicator do not, at
present, work (as seems to have been concluded in this thread) got me
worried since I'm gearing up for a real OpenLDAP/Communicator deployment.
So, fueled with the fear that I might have to break down and buy Netscape
Directory Server (very non-opensource-like of me) I just now did some
further poking. And... I've confirmed that I _can_ bind with authentication
and search the directory (this is from Communicator 4.51 to OpenLDAP 1.0 -
I'm guessing it still works in 1.2... will confirm in a few days).
The key, it seems, is knowing what attribute Communicator by default uses to
locate the DN to which to bind. I've always just assumed that it was
the 'uid' attribute... it's in their own proposed inetorgperson
objectclass... seemed logical. But the default attribute turns out to be
'mail'! When the addressbook prompts me to authenticate, I type in my email
address and password (as stored in my entry's 'userpassword' attribute)...
and hey, wow! It works!
The breakthrough for me came when I re-examined their document:
http://developer1.netscape.com:80/docs/manuals/communicator/ldapcust45.html
Specifically:

    Authentication Preferences

    The following lines of JavaScript preferences code show the
    preference objects added for LDAP authentication, and their
    default values:

        pref ("ldap_2.servers.megacorp.auth.enabled", false);
        pref ("ldap_2.servers.megacorp.auth.savePassword", false);
        pref ("ldap_2.servers.megacorp.auth.dn", "");
        pref ("ldap_2.servers.megacorp.auth.password", "");
        pref ("ldap_2.servers.megacorp.attributes.auth", "email address:mail");

    Of particular note is the new attributes.auth setting. The auth
    attribute preference holds the human readable name (e.g. email
    address) and LDAP attribute name (e.g. mail) of the attribute
    Communicator will search for when attempting to find the user's
    DN.

Hope this helps. It's good to know that other folks out there are also
trying to figure this out. :-)
--
-------------------------------------------------------------------------
Charles N. Owens
Email: owensc@enc.edu
http://www.enc.edu/~owensc
Network & Systems Administrator
Information Technology Services
Eastern Nazarene College

"Outside of a dog, a book is a man's best friend. Inside of a dog it's
too dark to read." - Groucho Marx
-------------------------------------------------------------------------
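
The lookup described in this message (find the entry by the attributes.auth attribute, then bind as its DN), as an added example that is not part of the original post and is not Netscape's or OpenLDAP's code. It simulates the search against a constructed in-memory directory; the entries, the example.edu names and the function names are assumptions made for illustration.

```python
# Added example: client-side "search, then bind" DN lookup, simulated in memory.
# The directory entries and example.edu names are constructed sample data.
DIRECTORY = {
    "cn=Alice Example,ou=People,dc=example,dc=edu":
        {"uid": ["alice"], "mail": ["alice@example.edu"]},
    "cn=Bob Example,ou=People,dc=example,dc=edu":
        {"uid": ["bob"], "mail": ["bob@example.edu", "helpdesk@example.edu"]},
    "cn=Carol Example,ou=People,dc=example,dc=edu":
        {"uid": ["carol"], "mail": ["helpdesk@example.edu"]},
}

# RFC 4515 escapes for characters that are special inside a search filter.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def parse_auth_pref(value):
    """Split an attributes.auth value such as 'email address:mail'."""
    label, sep, attribute = value.rpartition(":")
    if not sep or not label.strip() or not attribute.strip():
        raise ValueError("expected '<label>:<attribute>'")
    return label.strip(), attribute.strip()


def build_filter(attribute, typed):
    """Equality filter a client would send; typed text is escaped, never pasted raw."""
    return "(%s=%s)" % (attribute, "".join(_ESCAPES.get(c, c) for c in typed))


def resolve_bind_dn(pref_value, typed):
    """Return the one DN whose auth attribute equals the typed value, else None."""
    _, attribute = parse_auth_pref(pref_value)
    wanted = typed.strip().lower()  # mail and uid compare case-insensitively
    if not wanted:
        return None
    matches = [dn for dn, attrs in DIRECTORY.items()
               if wanted in (v.lower() for v in attrs.get(attribute, []))]
    # Zero matches or more than one: no unambiguous identity, so do not bind.
    return matches[0] if len(matches) == 1 else None


if __name__ == "__main__":
    for typed in ("alice", "Alice@Example.edu", "helpdesk@example.edu"):
        print(typed, "->", resolve_bind_dn("email address:mail", typed))
```

With the default "email address:mail" value, typing a uid resolves to no DN, which matches the behaviour reported above; a mail value shared by two entries is also refused rather than guessed.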