[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: authenticating with netscape messenger
Michael David wrote:
> I set up the OpenLDAP server on my GNU/Linux box, with most
> of its resources only available to authenticated users (by
> dn=".+" read). So now from my shell I can authenticate using
> a DN and the userpassword attribute of that DN (what one
> would expect). I don't intend to let anonymous users do much
> of anything, especially not find e-mail addresses
> (mail=something).
>
> Then on a Windows machine, using MS Outlook Express, I set
> up the directory service, telling it to log in with my DN
> and userpassword. That worked too.
>
> Then I tried to get it working with Netscape Messenger 4.74.
> Netscape asks you for an E-MAIL ADDRESS and password to log
> in with. Then it binds to the LDAP server with dn="" and
> searches for "(mail=something)" where "something" is the
> e-mail address you offered it.
>
> As it happens, the un-authenticated dn="" doesn't have
> access to the mail= attribute, so nothing happens. This is
> what I intended for anonymous browsers (nothing).
>
> When I experimentally let dn="" read the mail= attribute, I
> discovered that Netscape looks up the e-mail address, and if
> it occurs in one and only one entry, tries to log in with
> that DN and the user-supplied password. This always fails if
> the e-mail address is found more than once. Now I'm
> wondering why they decided to use an e-mail address to
> identify directory entries, when that's what DNs were for.
> It's not unreasonable to have more than one entry list the
> same e-mail address, and I see no point (and extra work) in
> prohibiting this, or in inventing new unique e-mail
> addresses just to use as login names for Netscape Messenger.
>
> Right now my answer is simply "Netscape Messenger doesn't
> work with our directory." I'm wondering if there's a better
> answer than that.
Go to the .netscape/preferences.js file; add to the directory you're considering
the lines
user_pref("ldap_2.servers.YOURSERVER.auth.enabled", true);
user_pref("ldap_2.servers.YOURSERVER.attributes.auth","User ID:uid");
where YOURSERVER is the normalized name of the directory server you created;
instead of "User ID:uid" you can use any pair of valid display name ("User
ID") and
unique attribute ("uid") you like. You can find such information at
http://developer.netscape.com/docs/manuals/communicator/ldap45.htm
Bye, Pierangelo
<ando@sys-net.it>