
Re: Binding Problems with authentication




Joe Novielli wrote:

> The server doesn't seem to bind DN's for authentication (I tried Netscape,
> Eudora email clients).

The server does, it is that you are being outsmarted by your clients.
So that you do not have to remember/type dn's, they make a search, get
the dn of the retrieved entry and bind with that dn and the password you
give.

> Jul 21 11:47:28 pluton.matrox.com slapd[10166]: conn=0 op=1 SRCH
> base="LOCATION=DORVAL,O=MATROX,C=CA" scope=2 filter="( |
> (cn=*MARK*)(SN=*MARK*)(GN=*MARK*)(GIVENNAME=*MARK*))"

See? They are looking for a user with a name containing "MARK".  BTW,
I never heard of "GN" as a valid alias for "givenName".

> Jul 21 11:47:32 pluton.matrox.com slapd[10166]: conn=0 op=1 RESULT err=0
> tag=101 nentries=0

Unfortunately, the search fails (see nentries=0).

> Jul 21 11:57:25 pluton.matrox.com slapd[10166]: conn=1 op=1 SRCH
> base="LOCATION=DORVAL,O=MATROX,C=CA" scope=2 filter="(mail=JNOVIELL,
> LOCATION=DORVAL, O=MATROX,C=CA)"

In this case, you are trying to write a DN in the login dialog.  Notice
that the text in the dialog tells you to use the email address.  It
means it.

> -------------------------------------------------------------
> The user name I am using is:  jnoviell, location=Dorval, o=Matrox,c=CA

That would not be a valid dn: the attribute type on the first RDN is
missing. You mean "uid=" or maybe "cn=" prepended to that, but don't
do it because your clients are expecting something else.

Julio
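
The diagnosis in this reply can be repeated mechanically on a slapd log. The following is an added example, not part of the original message: it pairs each SRCH line with its RESULT by conn/op and reports why the client never reached the bind step. The sample input is the log lines quoted above, unwrapped to one line each; the function and regex names are illustrative.

```python
import re

# Sample input: the slapd syslog lines quoted in the message, unwrapped.
SAMPLE_LOG = """\
Jul 21 11:47:28 pluton.matrox.com slapd[10166]: conn=0 op=1 SRCH base="LOCATION=DORVAL,O=MATROX,C=CA" scope=2 filter="( | (cn=*MARK*)(SN=*MARK*)(GN=*MARK*)(GIVENNAME=*MARK*))"
Jul 21 11:47:32 pluton.matrox.com slapd[10166]: conn=0 op=1 RESULT err=0 tag=101 nentries=0
Jul 21 11:57:25 pluton.matrox.com slapd[10166]: conn=1 op=1 SRCH base="LOCATION=DORVAL,O=MATROX,C=CA" scope=2 filter="(mail=JNOVIELL, LOCATION=DORVAL, O=MATROX,C=CA)"
"""

OP_RE = re.compile(r'conn=(\d+) op=(\d+) (SRCH|RESULT)\b(.*)')
FILTER_RE = re.compile(r'filter="(.*)"')
NENTRIES_RE = re.compile(r'nentries=(\d+)')
# A filter value that itself contains ", attr=" looks like a DN typed
# into a login field whose content the client puts into a search filter.
DN_IN_VALUE_RE = re.compile(r'\(\s*\w+=[^()]*,\s*\w+=')

def analyze(log_text):
    """Pair each SRCH with its RESULT by (conn, op) and explain the outcome."""
    searches = {}
    for line in log_text.splitlines():
        m = OP_RE.search(line)
        if not m:
            continue
        key = (int(m.group(1)), int(m.group(2)))
        kind, rest = m.group(3), m.group(4)
        if kind == "SRCH":
            f = FILTER_RE.search(rest)
            searches[key] = {"filter": f.group(1) if f else "", "nentries": None}
        elif key in searches:  # RESULT for a search we have seen
            n = NENTRIES_RE.search(rest)
            if n:
                searches[key]["nentries"] = int(n.group(1))
    findings = []
    for key, s in sorted(searches.items()):
        if DN_IN_VALUE_RE.search(s["filter"]):
            note = "DN typed where the client expects a search value"
        elif s["nentries"] == 0:
            note = "search matched no entry, so the client has no DN to bind with"
        elif s["nentries"] is None:
            note = "no RESULT logged for this search"
        else:
            note = "search returned entries"
        findings.append((key, s["nentries"], note))
    return findings

if __name__ == "__main__":
    for (conn, op), n, note in analyze(SAMPLE_LOG):
        print(f"conn={conn} op={op} nentries={n}: {note}")
```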