
iPlanet 4.1 and OpenLDAP 2.1.12



Anyone know the secret to getting iPlanet 4.1 to authenticate against
OpenLDAP 2.1.12? I've done this before on a previous version a year or so
ago, but we had some problems with other parts of our system that caused us
to switch direction a bit. It's time to revisit, but I can't for the life of
me get it to work with the latest version. Scanned through the FAQ and it
only dealt with a much older version of OpenLDAP.

The error that iPlanet is giving me is:

[13/Mar/2003:10:22:29] security (26221): [NSACL4330] ACL_GetAttribute: attr getter failed to get user
        [NSACL4330] ACL_GetAttribute: attr getter failed to get isvalid-password
        [NSACL5860] ldap password check: LDAP error: "ldaputil internal error"
        [NSACL4330] ACL_GetAttribute: attr getter failed to get user
[13/Mar/2003:10:22:29] security (26221): for host XXX.XXX.XXX.XXX trying to GET /admin/, acl-state reports: access of /u02/netscape/server4/https-XXXXXXXX/docs/admin/ denied by ACL path=/u02/netscape/server4/https-XXXXXXXX/docs/admin/ directive 2
[13/Mar/2003:10:22:29] security (26221): for host XXX.XXX.XXX.XXX trying to GET /admin/, acl-state reports: access of /u02/netscape/server4/https-XXXXXXXX/docs/admin/ denied because evaluation of ACL path=/u02/netscape/server4/https-XXXXXXXX/docs/admin/ directive 2 failed

In dbswitch.conf I told it:

directory TEST ldap://xxxxxxxx.xxxxxxxx.xxxxxxxx.com:389/dc%3Ddddd,dc%3Dcccc,dc%3Dbbbb,dc%3Daaaa,dc%3Dcom
TEST:binddn cn=Manager,dc=cccc,dc=bbbb,dc=aaaa,dc=com
TEST:encoded bindpw ****************=

My "ou=People" has what appears to be the appropriate "aci" attribute that
iPlanet should require. The debug output of OpenLDAP says it is connecting
and looks like it is trying to do the search, but there are thousands of lines
of debugging output and I can't make sense out of what is important and what
isn't...

If anyone can help me figure it out, I'll make sure the FAQ gets updated...

-Robert