Problem connecting IS 6.0.1 to iPlanet Directory Server 5.2

Hi,

This is the configuration of my IS 6.0.1 —> JNDI settings:
Provider LDAP
Server URL ldap://localhost:389
Directory Root dc=siroe,dc=it
Connection principal id=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
Connection credentials adminadmin
User Root ou=People,dc=siroe,dc=it
User Filter unspecified
Group Root cn=Admins
Group Filter unspecified
User ID attribute uid
Password attribute userpassword
Member attribute unspecified
Addt’l info (string) unspecified
Addt’l info (binary) unspecified
Timeout (ms) 600000

I can't log into the IS with a username I've defined in the following structure:
dn: uid=msalatini,cn=Admins,ou=People,dc=siroe,dc=it

Though if I type the following query into the browser, it returns the user info:
ldap://localhost:389/uid=msalatini,cn=Admins,ou=People,dc=siroe,dc=it

Could anyone please help?

Best regards,

Masoud

Masoud,

Check to see what format your passwords are stored in. Out of the box, only crypt format is supported. iPlanet supports this, but it is not the default. There is a paper on Advantage showing how to use other password formats (under the security section).

Thanks a lot,
this is what I was about to ask for.

There is an attribute in the iPlanet directory server which controls the storage type.
It is “passwordStorageScheme” on the node “cn=config”.
I've set this to CRYPT, though I still can't log in, and I receive this msg in the server log:

1448]2002-09-25 16:21:41 GMT+02:00 [ISS.0002.0010E] Cannot read LDAP Password for user msalatini

However, I can see the USERS and GROUPS I've defined in the directory server, under “Security ----> users and settings”.

I also tried setting that attribute to CLEAR (saving the password in plain text), but I got the same result.

The paper you mentioned talks about some “AuthLDAP” module, which I couldn't find under the WmSample package, or anywhere in Advantage.

Thanks again,

Masoud

Masoud,

There is a way to set the password format to crypt in the Netscape Server Admin console. I don’t currently have it installed, but it’s on one of the configuration screens. You may need to set the password again after you change the format from clear to crypt (it does not automatically update all of them).

I will send you a copy of the authldap module directly.

– Tim

Sorry, I answered the wrong question. The account that you connect with needs to have permission to read the userPassword attribute. Normal user accounts do not typically have this permission (at least on iPlanet).

– Tim
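
An added example, not code from the thread or from either product: given the LDIF of the user's entry as fetched while bound as the Connection principal (for instance saved from an `ldapsearch` run), it reports whether `userPassword` came back at all and whether its storage scheme is the crypt format the first reply says is supported. The function names, the result strings, and treating an unprefixed value as clear text are assumptions; the sample entries are constructed.

```python
import base64
import re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}")


def read_attr(ldif_entry, name):
    """Return the first value of `name` in one LDIF entry, or None if absent."""
    pattern = re.compile(r"^%s(::?)\s*(.*)$" % re.escape(name), re.IGNORECASE)
    for line in ldif_entry.splitlines():
        m = pattern.match(line)
        if m:
            value = m.group(2)
            if m.group(1) == "::":  # "::" marks a base64-encoded value
                value = base64.b64decode(value).decode("utf-8", "replace")
            return value
    return None


def diagnose(ldif_entry, supported=("CRYPT",)):
    """Classify the entry as seen by the identity that fetched it."""
    entry = ldif_entry.replace("\n ", "")  # unfold LDIF continuation lines
    value = read_attr(entry, "userPassword")
    if value is None:
        # Not returned: no password set, or this bind identity may not read it.
        return "missing-or-unreadable"
    m = SCHEME_RE.match(value)
    scheme = m.group(1).upper() if m else "CLEAR"  # assumption: no prefix = clear
    if scheme not in supported:
        return "unsupported-scheme:" + scheme
    return "ok:" + scheme


def sample_entry(password=None):
    """Constructed LDIF for the thread's user; `password` is a made-up value."""
    lines = ["dn: uid=msalatini,cn=Admins,ou=People,dc=siroe,dc=it",
             "uid: msalatini"]
    if password is not None:
        encoded = base64.b64encode(password.encode()).decode()
        lines.append("userPassword:: " + encoded)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for stored in (None, "{SSHA}constructed", "{crypt}constructed"):
        print(diagnose(sample_entry(stored)))
```

Comparing the result for the same entry fetched as the Connection principal and as an identity known to have read access separates an access-control cause from a storage-scheme cause.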