How does LDAP authentication work in Netscape Communicator 4.x?

This document explains how LDAP authentication in Communicator 4.x works: http://developer.netscape.com/docs/manuals/communicator/ldap45.htm#authentication
Netscape's Address Book has a peculiar way of retrieving data from LDAP. This doesn't really rear its ugly head when unauthenticated users are allowed to retrieve and read entries, but it will give you grey hair when you secure your server by requiring authentication. Under the guise of making it easier for the user, you don't log in with your DN and password. You use your email address. The following things will happen:
To make this actually work, the authentication settings in your slapd.conf file have to allow anonymous users search access to the mail attribute and read access to the entry, whereby "entry" is just another name for DN. Here is an example that works for me:

    # Access Control
    access to attr=userPassword
        by anonymous auth
        by self write
        by * none
    access to attr=mail
        by self write
        by dn=".*,o=DC,c=US" read
        by * search
    access to attr=entry
        by * read
    access to *
        by self write
        by dn=".*,o=DC,c=US" read
        by * none

Note the access rules for attr=mail and for entry. Obviously you will have to change the lines that contain dn=".*,o=DC,c=US" to reflect your naming scheme.

After finally getting search results in the list of entries displayed by the Netscape address book, I ran into another snag. Netscape only pulls up the full set of information from the LDAP server when you double-click on a listed entry to view the details. My debugging showed me that at that point Netscape seemed to have forgotten the identity it used when retrieving the list of matches and it bound anonymously again. The result was that the detailed view showed nothing but the DN, which according to my access rules is readable by everyone. I overcame this last problem by upgrading Netscape, in my case from 4.72/Mac to 4.75/Mac.
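To see what the rules above expose to each kind of client, the following added example (not code from this FAQ or from OpenLDAP) models slapd's first-match evaluation and reproduces the anonymous detail view that shows only the DN. It is a simplified model: the DNs and attribute list are constructed, DNs are compared case-insensitively without full normalization, and the dn= regex is assumed to be unanchored.

```python
import re

# Access levels, lowest to highest; a granted level implies all lower ones.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# The rules from the slapd.conf excerpt above, in file order.
ACL = [
    ("userPassword", [("anonymous", "auth"), ("self", "write"), ("*", "none")]),
    ("mail", [("self", "write"), ("dn=.*,o=DC,c=US", "read"), ("*", "search")]),
    ("entry", [("*", "read")]),
    ("*", [("self", "write"), ("dn=.*,o=DC,c=US", "read"), ("*", "none")]),
]

# Constructed sample identities; "" stands for an anonymous bind.
ANON = ""
ALICE = "cn=Alice Example,o=DC,c=US"
BOB = "cn=Bob Example,o=DC,c=US"
ATTRS = ["entry", "mail", "cn", "telephoneNumber", "userPassword"]


def who_matches(who, bound_dn, target_dn):
    """Does one 'by <who>' clause apply to this client and target entry?"""
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn == ""
    if who == "self":
        return bound_dn != "" and bound_dn.lower() == target_dn.lower()
    if who.startswith("dn="):  # regex on the bound DN, unanchored in this model
        return bound_dn != "" and re.search(who[3:], bound_dn, re.I) is not None
    return False


def granted(attr, bound_dn, target_dn):
    """First matching 'access to' rule, then first matching 'by' clause, wins."""
    for what, by_clauses in ACL:
        if what == "*" or what.lower() == attr.lower():
            for who, level in by_clauses:
                if who_matches(who, bound_dn, target_dn):
                    return level
            return "none"  # no 'by' clause matched: implicit "by * none"
    return "none"  # no rule matched (assumed default for this model)


def readable(bound_dn, target_dn):
    """Attributes the client may read in the target entry."""
    need = LEVELS.index("read")
    return [a for a in ATTRS if LEVELS.index(granted(a, bound_dn, target_dn)) >= need]


if __name__ == "__main__":
    for name, dn in [("anonymous", ANON), ("alice", ALICE)]:
        print(name, {a: granted(a, dn, BOB) for a in ATTRS}, readable(dn, BOB))
```

The anonymous row is the one to review when tightening these rules: search on mail means any unauthenticated client can test whether a given address exists in the directory, even though it cannot read the value.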