[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Binding Problems with authentication
Joe Novielli wrote:
> The server doesn't seem to bind DN's for authentication (I tried Netscape,
> Eudora email clients).
The server does, it is that you are being outsmarted by your clients.
So
that you do not have to remember/type dn's, they make a search, get the
dn of the retrieved entry and bind with that dn and the password you
give.
> Jul 21 11:47:28 pluton.matrox.com slapd[10166]: conn=0 op=1 SRCH
> base="LOCATION=DORVAL,O=MATROX,C=CA" scope=2 filter="( |
> (cn=*MARK*)(SN=*MARK*)(GN=*MARK*)(GIVENNAME=*MARK*))"
See? They are looking for a user with a name containing "MARK". BTW,
I never heard of "GN" as a valid alias for "givenName".
> Jul 21 11:47:32 pluton.matrox.com slapd[10166]: conn=0 op=1 RESULT err=0
> tag=101 nentries=0
Unfortunately, the search fails (see nentries=0).
> Jul 21 11:57:25 pluton.matrox.com slapd[10166]: conn=1 op=1 SRCH
> base="LOCATION=DORVAL,O=MATROX,C=CA" scope=2 filter="(mail=JNOVIELL,
> LOCATION=DORVAL, O=MATROX,C=CA)"
In this case, you are trying to write a DN in the login dialog. Notice
that the text in the dialog tells you to use the email address. It
means it.
> -------------------------------------------------------------
> The user name I am using is: jnoviell, location=Dorval, o=Matrox,c=CA
That would not be a valid dn, the attribute type on the first RDN is
missing, you mean "uid=" or maybe "cn=" prepended to that, but don't
do it because your clients are expecting something else.
Julio