Netscape Mail
I have been trying to get authentication to work
in the Netscape Address Book, but could not. The setup
is described below.
I could not get anonymous access to the mail
attribute, which seems to be the problem. I tried the
setup without-threads/with-threads on Red Hat
Linux 2.2/Solaris 2.6.
Hi,
The LDAP server will have different directories
for many companies. For example, for the organizations
Airius1.com
Airius2.com
Airius3.com
...
..
etc.
           Virtual Root (rootdn, rootpw)
                 /            \
                /              \
               /                \
      o=airius1.com        o=airius2.com
            |                    |
            |                    |
       ou=People            ou=People
            |                    |
            |                    |
    uid=dmiller,..        uid=tmiller,....
1) Employees of a company can search for employees in
the same company, but should not be able to search
in other companies. For example, employees in Airius1.com
can search for employees in Airius1.com but not in
Airius2.com.
2) In addition, when an employee searches for another
employee, their password should not be revealed. But if
an employee searches for his own information, the password
will be displayed.
3) I have to configure 3 clients, MS Outlook, Eudora
and Netscape Mail, to access the LDAP server. MS
Outlook seems to work fine. From Patrick I knew that a
problem exists in Eudora. Finally, my aim is to get
it working for the Netscape Address Book. I understood from
Patrick and from the mailing list that anonymous access
to the mail attribute should be provided, which I could not do.
I added the following ACLs, which take care of my
requirements 1) and 2). They are okay for MS Outlook
also.
defaultaccess none
access to attrs=userpassword
    by self read
access to dn=".*,o=([^,]+).com"
    by dn=".*,ou=People,$1.com" read
Now to this ACL list, if I add
access to attrs=mail
    by * search
to take care of the Netscape Address Book, ideally
it should work, but it does not. (Maybe I am doing
something wrong, which I could not identify.)
The following is the information that I have typed in
for the directory I created in Netscape Address Book
Description : LocalDir
LDAP Server : 10.9.2.190
server Root : o=airius.com
Port Number : 389
Max. no.of hits : 100
Secure checkbox : Unchecked
Login With Name and Password : checked
save Password : unchecked
I start Netscape, then Communicator/Address Book to get
the address book. In the directory, when I click on
"LocalDir", it pops up a login window with the
following contents:
-------------
"UserName and password Required"
Please Enter your Email and Password for access to
LocalDir
UserName :
Password :
--------------
I type in dmiller@airius.com/gosling for
username/password. There exists an entry in the LDAP
server with email address dmiller@airius.com and
password "gosling".
Then I get the message,
"Mail Id invalid or not unique, cannot resolve to
directory authorization entry".
After clicking on "Search For", and trying to do a
search for "Name" equal to "Sam", and clicking on
search Button, it pops up the login dialog box again
(since the previous authorization failed) and the
login fails.
The log file in the server has the following contents
Aug 23 02:51:21 skumar_dsk slapd[7562]: conn=6 fd=7 connection from unknown (10.9.2.184) accepted.
Aug 23 02:51:21 skumar_dsk slapd[7588]: conn=6 op=0 BIND dn="" method=128
Aug 23 02:51:21 skumar_dsk slapd[7588]: conn=6 op=0 RESULT err=0 tag=97 nentries=0
Aug 23 02:51:21 skumar_dsk slapd[7589]: conn=6 op=0 SRCH base="O=AIRIUS.COM" scope=2 filter="(mail=DMILLER@AIRIUS.COM)"
Aug 23 02:51:21 skumar_dsk slapd[7589]: conn=6 op=0 RESULT err=0 tag=101 nentries=0
Aug 23 02:51:21 skumar_dsk kernel: VFS: Disk change detected on device ide1(22,0)
Aug 23 02:51:53 skumar_dsk last message repeated 16 times
Aug 23 02:52:13 skumar_dsk last message repeated 10 times
Aug 23 02:52:15 skumar_dsk slapd[7562]: conn=6 op=-1 fd=7 closed errno=0
Aug 23 02:52:15 skumar_dsk slapd[7590]: conn=6 op=2 UNBIND
Aug 23 02:52:16 skumar_dsk kernel: VFS: Disk change detected on device ide1(22,0)
ThanX
Santhosh
NB: Can someone point me to some documentation on
ACLs other than
www.openldap.org/faq/data/cache/189.html
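
Added example (not part of the original message or of OpenLDAP): a small Python script that groups slapd log lines like those in the post by connection, so the anonymous bind (dn="") and the mail lookup that returned nentries=0 can be read off directly. The function names and the one-outstanding-search-per-connection simplification are assumptions of this sketch.

```python
import re

# Constructed input: the slapd lines from the post's log with the mail
# wrapping undone; kernel and connection-close lines are left out.
SAMPLE_LOG = """\
Aug 23 02:51:21 skumar_dsk slapd[7562]: conn=6 fd=7 connection from unknown (10.9.2.184) accepted.
Aug 23 02:51:21 skumar_dsk slapd[7588]: conn=6 op=0 BIND dn="" method=128
Aug 23 02:51:21 skumar_dsk slapd[7588]: conn=6 op=0 RESULT err=0 tag=97 nentries=0
Aug 23 02:51:21 skumar_dsk slapd[7589]: conn=6 op=0 SRCH base="O=AIRIUS.COM" scope=2 filter="(mail=DMILLER@AIRIUS.COM)"
Aug 23 02:51:21 skumar_dsk slapd[7589]: conn=6 op=0 RESULT err=0 tag=101 nentries=0
"""

LINE = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:op=-?\d+ )?(.*)$")
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def fields(text):
    # key=value and key="value" pairs of one slapd message, quotes removed
    return {k: v.strip('"') for k, v in KV.findall(text)}

def summarize(log):
    """Per connection: peer address, bind DN, searches with entry counts."""
    conns, pending = {}, {}  # pending: conn -> search awaiting its RESULT
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # kernel and other non-slapd lines
        conn, rest = int(m.group(1)), m.group(2)
        c = conns.setdefault(conn, {"peer": None, "bind_dn": None, "searches": []})
        if "connection from" in rest:
            c["peer"] = re.search(r"\(([^)]+)\)", rest).group(1)
        elif rest.startswith("BIND "):
            c["bind_dn"] = fields(rest)["dn"]
        elif rest.startswith("SRCH "):
            pending[conn] = fields(rest)
        # tag=101 is the search result; tag=97 (bind response) is skipped.
        elif rest.startswith("RESULT ") and fields(rest).get("tag") == "101" and conn in pending:
            srch = pending.pop(conn)
            srch["nentries"] = int(fields(rest)["nentries"])
            c["searches"].append(srch)
    return conns

def empty_anonymous_mail_lookups(log):
    """(conn, peer, filter) for anonymous binds whose mail search matched nothing."""
    return [(n, c["peer"], s["filter"])
            for n, c in summarize(log).items() if c["bind_dn"] == ""
            for s in c["searches"]
            if s["filter"].lower().startswith("(mail=") and s["nentries"] == 0]

for hit in empty_anonymous_mail_lookups(SAMPLE_LOG):
    print("conn=%d peer=%s anonymous lookup %s returned 0 entries" % hit)
```

Run against a real syslog file by passing its contents to empty_anonymous_mail_lookups(); lines from other daemons are ignored.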