
Re: OpenLDAP 1.2 and Iplanet 4.1 Web server



Problem solved.  Apparently, the newest
Netscape/Iplanet web servers are only able to do
LDAPv3 for authentication.  If LDAPv2 is used, mixed
results will occur.
The older Netscape web servers were able to do both
LDAPv2 and LDAPv3.
I installed OpenLDAP2 (LDAPv3) and everything worked
correctly.

I didn't see any mention of this in Iplanet's
documentation, but that doesn't surprise me.  That's
how they make money on support.


> I just realized that if I point my Netscape Enterprise
> Server 3.6 at my Linux LDAP 1.2 server, I can
> authenticate against it.  However, if I use Iplanet
> 4.1 web server, I cannot authenticate.  I always get
> an 'access denied' type of message as described below.
> 
> Has anyone seen differences like this between the
> older Netscape Enterprise servers and the new
> (improved?) Iplanet web servers?
> 
> 
> > This question is specifically for anyone using LDAP
> > with Iplanet web servers.
> > 
> > I have an LDAP 1.2 server running on a Linux box.  I
> > can see all the users from the Iplanet webserver when
> > I use the "manage users" screens.  I can even ADD users
> > to my LDAP server from the Iplanet admin server.  The
> > users populate LDAP correctly.
> > My problem is 'restricting access' to certain
> > directories on the web server.  I set up the ACL to
> > 'deny all', then 'allow authenticated people only'.
> > I have it set to allow "All in the authentication database"
> > Authentication Methods: Default
> > Authentication Database: Default
> >   ( I also tried the Default LDAP as well)
> > 
> > But, I always get 'access denied', as if I can't
> > authenticate.  In the web server 'error' log I see the
> > following:
> > 
> > [09/May/2001:17:39:47] security (14441): [NSACL4330] ACL_GetAttribute: attr getter failed to get user
> >         [NSACL4330] ACL_GetAttribute: attr getter failed to get isvalid-password
> >         [NSACL5860] ldap password check: LDAP error: "ldaputil internal error"
> > [09/May/2001:17:39:47] security (14441): for host 192.168.77.26 trying to GET /index.html, acl-state reports: access of /space/iplanet/naldn/index.html denied by ACL default directive 2
> > [09/May/2001:17:39:47] security (14441): for host 192.168.77.26 trying to GET /index.html, acl-state reports: access of /space/iplanet/naldn/index.html denied because evaluation of ACL default directive 2 failed
> > 
> > It's so odd to me, because I know I'm talking to the
> > LDAP and I am even able to
> > MODIFY/ADD to the database from the web server.
> > 
> > Any help at all would be greatly appreciated.
> > 
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! Auctions - buy the things you want at great
> > prices
> > http://auctions.yahoo.com/
> 
> 


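
The LDAPv2 versus LDAPv3 difference discussed in this thread is visible in the first operation a client sends: the BindRequest carries the protocol version as its first field (RFC 4511, section 4.2). The Python below is an added example, not code from the poster or from either product; it decodes a BindRequest so the requested version can be checked when diagnosing this kind of mismatch. The helper names, the sample DN and the sample bytes are constructed for illustration.

```python
# Added example: decode an LDAP BindRequest (RFC 4511, section 4.2) and report
# the protocol version the client requested. Helper names are hypothetical.

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits count length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated BER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def parse_bind_request(pdu):
    """Extract message id, version, bind DN and auth type; the credential is not returned."""
    tag, msg, _ = read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    id_tag, msg_id, pos = read_tlv(msg, 0)
    op_tag, op, _ = read_tlv(msg, pos)
    if id_tag != 0x02 or op_tag != 0x60:    # 0x60 = [APPLICATION 0] BindRequest
        raise ValueError("not a BindRequest")
    ver_tag, version, pos = read_tlv(op, 0)
    dn_tag, name, pos = read_tlv(op, pos)
    auth_tag, _, _ = read_tlv(op, pos)
    if ver_tag != 0x02 or dn_tag != 0x04:
        raise ValueError("malformed BindRequest body")
    auth = {0x80: "simple", 0xA3: "sasl"}.get(auth_tag, "unknown")
    return {"message_id": int.from_bytes(msg_id, "big"),
            "version": int.from_bytes(version, "big"),
            "dn": name.decode("utf-8"), "auth": auth}

def build_simple_bind(version, dn, password, message_id=1):
    """Build a constructed sample BindRequest (short-form lengths only)."""
    def tlv(tag, value):
        if len(value) > 127:
            raise ValueError("sample builder supports short lengths only")
        return bytes([tag, len(value)]) + value
    op = tlv(0x02, bytes([version])) + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([message_id])) + tlv(0x60, op))

if __name__ == "__main__":
    for v in (2, 3):                        # constructed samples, not captured traffic
        print(parse_bind_request(build_simple_bind(v, "uid=jdoe,dc=example,dc=com", "constructed")))
```

Feeding it the payload of the first client-to-server packet on the LDAP connection shows whether the client is binding as version 2 or 3.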