
auth'd binds from Netscape DO work! (was: Problems with OpenLDAP 1.2 and netscape 4.51)



Rob Gabbard wrote:

> I downloaded and built 1.2 today on SGI IRIX 6.5.3m. After installing
> it, I can query the server from Netscape 4.07 and Outlook Express 4.7
> but when I attempt to from the address book in Netscape 4.51 I get a
> protocol error. Turning on the debugging mode of slapd appears to show a
> v2(slapd) vs. v3(netscape) conflict.
>
> Any help ?
>

Okay... the thought that auth'd binds from Netscape Communicator do not, at
present, work (as seems to have been concluded in this thread) got me
worried since I'm gearing up for a real OpenLDAP/Communicator deployment.
So, fueled with the fear that I might have to break down and buy Netscape
Directory Server (very non-opensource-like of me) I just now did some
further poking.  And... I've confirmed that I _can_ bind with authentication
and search the directory (this is from Communicator 4.51 to OpenLDAP 1.0 -
I'm guessing it still works in 1.2... will confirm in a few days).

The key, it seems, is knowing what attribute Communicator by default uses to
locate the DN to which to bind.  I've always just assumed that it was
the 'uid' attribute... it's in their own proposed inetorgperson
objectclass... seemed logical.  But the default attribute turns out to be
'mail'!  When the addressbook prompts me to authenticate, I type in my email
address and password (as stored in my entry's 'userpassword' attribute)...
and hey, wow!  It works!

The breakthrough for me came when I re-examined their document:

 http://developer1.netscape.com:80/docs/manuals/communicator/ldapcust45.html

Specifically:

     Authentication Preferences

     The following lines of JavaScript preferences code show the
     preference objects added for LDAP authentication, and their
     default values:

          pref ("ldap_2.servers.megacorp.auth.enabled", false);
          pref ("ldap_2.servers.megacorp.auth.savePassword", false);
          pref ("ldap_2.servers.megacorp.auth.dn", "");
          pref ("ldap_2.servers.megacorp.auth.password", "");
          pref ("ldap_2.servers.megacorp.attributes.auth", "email address:mail");

     Of particular note is the new attributes.auth setting. The auth
     attribute preference holds the human readable name (e.g. email
     address) and LDAP attribute name (e.g. mail) of the attribute
     Communicator will search for when attempting to find the user's
     DN.

Hope this helps.  It's good to know that other folks out there are also
trying to figure this out.  :-)

--
-------------------------------------------------------------------------
  Charles N. Owens                               Email:  owensc@enc.edu
                                             http://www.enc.edu/~owensc
  Network & Systems Administrator
  Information Technology Services  "Outside of a dog, a book is a man's
  Eastern Nazarene College         best friend.  Inside of a dog it's
                                   too dark to read." - Groucho Marx
-------------------------------------------------------------------------
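
Added example, not part of the original message and not Netscape's code: a sketch of the DN lookup the quoted document describes, where the attributes.auth value selects the attribute matched against what the user types. The sample directory, the "user ID:uid" value and all helper names are assumptions made for illustration.

```javascript
// Illustration only: models the "find the user's DN" step, not Communicator itself.

// Split a value such as "email address:mail" into label and LDAP attribute.
function parseAuthPref(value) {
  const i = value.lastIndexOf(":");
  if (i < 1 || i === value.length - 1) throw new Error("expected 'label:attribute'");
  return { label: value.slice(0, i).trim(), attribute: value.slice(i + 1).trim() };
}

// Escape filter metacharacters (RFC 4515) so the typed login is matched
// literally and cannot act as a wildcard or open a sub-filter.
function escapeFilterValue(s) {
  return s.replace(/[\\*()\0]/g,
    c => "\\" + c.charCodeAt(0).toString(16).padStart(2, "0"));
}

// The search filter a client would send to locate the entry to bind as.
function buildDnLookupFilter(prefValue, typedLogin) {
  const { attribute } = parseAuthPref(prefValue);
  return "(" + attribute + "=" + escapeFilterValue(typedLogin) + ")";
}

// Constructed sample entries standing in for the directory.
const DIRECTORY = [
  { dn: "cn=Jane Doe,o=Example", mail: "jdoe@example.com", uid: "jdoe" },
  { dn: "cn=John Roe,o=Example", mail: "jroe@example.com", uid: "jroe" },
];

// Equality match on the configured attribute; a DN is returned only when
// exactly one entry matches, otherwise there is nothing safe to bind as.
function findBindDn(prefValue, typedLogin, entries) {
  const { attribute } = parseAuthPref(prefValue);
  const wanted = typedLogin.toLowerCase();
  const hits = entries.filter(e => String(e[attribute] || "").toLowerCase() === wanted);
  return hits.length === 1 ? hits[0].dn : null;
}

const DEFAULT_PREF = "email address:mail"; // default value quoted in the message
const UID_PREF = "user ID:uid";            // assumed override, same label:attribute form

console.log(buildDnLookupFilter(DEFAULT_PREF, "jdoe@example.com"));
console.log(findBindDn(DEFAULT_PREF, "jdoe", DIRECTORY)); // uid typed, mail expected
console.log(findBindDn(UID_PREF, "jdoe", DIRECTORY));
```

With the default value a login of "jdoe" finds no entry, which is the failure mode discussed in this thread; the same login resolves once the attribute is uid, or when the e-mail address is typed instead.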