OpenLDAP 1.2 and Iplanet 4.1 Web server

Post by GAI Jo » Thu, 17 May 2001 13:17:48

I have an OpenLDAP 1.2 server running on a Linux box.  I can see all the
users from the Iplanet 4.1 webserver (running on Solaris 7) when I use the
"manage users" screens.  I can even ADD users to my LDAP server from the
Iplanet admin server.  The users populate LDAP correctly. My problem is
'restricting access' to certain directories on the web server.  I set up the
ACL to 'deny all', then 'allow authenticated people only'. I have it set to
allow "All in the authentication database". Authentication Methods: Default.
Authentication Database: Default (I also tried the Default LDAP as well).

The following is displayed in my browser:

Server Error

This server has encountered an internal error which prevents it from fulfilling
your request. The most likely cause is a misconfiguration. Please ask the
administrator to look for messages in the server's error log.

In the web server 'error' log I see the following:

[09/May/2001:17:39:47] security (14441): [NSACL4330] ACL_GetAttribute: attr getter failed to get user
        [NSACL4330] ACL_GetAttribute: attr getter failed to get isvalid-password
        [NSACL5860] ldap password check: LDAP error: "ldaputil internal error"
[09/May/2001:17:39:47] security (14441): for host 192.168.77.26 trying to GET /index.html, acl-state reports: access of /space/iplanet/naldn/index.html denied by ACL default directive 2
[09/May/2001:17:39:47] security (14441): for host 192.168.77.26 trying to GET /index.html, acl-state reports: access of /space/iplanet/naldn/index.html denied because evaluation of ACL default directive 2 failed

From the looks of the above error, it stands to reason that my directive 2
has problems.  But it's a very simple ACL.  It simply is allowing anyone in the
authenticated database.

It's so odd to me, because I know I'm talking to the LDAP and I am even able
to MODIFY/ADD to the database from the web server.

Something else worth mentioning, I also have a Netscape Enterprise 3.6 web
server.  If I configure it to use LDAP for authentication, and point it at my
LDAP server, I am able to authenticate/restrict access to certain directories.
So, it appears to be a problem with the Iplanet 4.1 web server.

Any help at all would be greatly appreciated.

Thanks in advance!
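As an added example (not code from the post, from OpenLDAP or from iPlanet), a small Python parser for the security entries of the iPlanet 4.1 error log in the format quoted above. It groups the indented continuation lines with their header entry and pairs the "evaluation ... failed" denial with the attribute-getter and LDAP errors the same server process logged just before it, which is what an administrator needs to see that directive 2 is failing because the password check could not complete against LDAP rather than because the user was rejected. The format rules are assumptions derived from the three log lines in the post.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Log lines copied verbatim from the post above; continuation lines are indented.
LOG = (
    '[09/May/2001:17:39:47] security (14441): [NSACL4330] ACL_GetAttribute: attr getter failed to get user\n'
    '        [NSACL4330] ACL_GetAttribute: attr getter failed to get isvalid-password\n'
    '        [NSACL5860] ldap password check: LDAP error: "ldaputil internal error"\n'
    '[09/May/2001:17:39:47] security (14441): for host 192.168.77.26 trying to GET /index.html, '
    'acl-state reports: access of /space/iplanet/naldn/index.html denied by ACL default directive 2\n'
    '[09/May/2001:17:39:47] security (14441): for host 192.168.77.26 trying to GET /index.html, '
    'acl-state reports: access of /space/iplanet/naldn/index.html denied because evaluation of ACL default directive 2 failed\n'
)

# Assumed format: "[timestamp] security (pid): message", NSACL codes in brackets,
# and a denial sentence naming the ACL, directive number and optional "failed".
HEADER_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] security \((?P<pid>\d+)\): (?P<rest>.*)$")
CODE_RE = re.compile(r"^\[(?P<code>NSACL\d+)\] (?P<msg>.*)$")
HOST_RE = re.compile(r"for host (?P<host>\S+) trying to (?P<method>\S+) (?P<uri>\S+),")
DENY_RE = re.compile(r"access of (?P<path>\S+) denied (?:by|because evaluation of) "
                     r"ACL (?P<acl>.+?) directive (?P<num>\d+)(?P<failed> failed)?$")

@dataclass
class SecurityEvent:
    ts: str
    pid: str
    codes: List[Tuple[str, str]] = field(default_factory=list)  # (NSACL code, message)
    host: Optional[str] = None
    denied_path: Optional[str] = None
    acl: Optional[str] = None
    directive: Optional[int] = None
    eval_failed: bool = False  # True when the directive could not be evaluated at all

def parse_security_log(text: str) -> List[SecurityEvent]:
    """Group header lines with their indented continuation lines into events."""
    events: List[SecurityEvent] = []
    cur: Optional[SecurityEvent] = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = HEADER_RE.match(raw)
        if m:
            cur = SecurityEvent(m["ts"], m["pid"])
            events.append(cur)
            body = m["rest"]
        elif raw[0] in " \t" and cur is not None:
            body = raw.strip()  # continuation of the previous header line
        else:
            continue
        c = CODE_RE.match(body)
        if c:
            cur.codes.append((c["code"], c["msg"]))
            continue
        h = HOST_RE.search(body)
        if h:
            cur.host = h["host"]
        d = DENY_RE.search(body)
        if d:
            cur.denied_path, cur.acl = d["path"], d["acl"]
            cur.directive, cur.eval_failed = int(d["num"]), bool(d["failed"])
    return events

def diagnose(events: List[SecurityEvent]) -> Optional[dict]:
    """Pair the first 'evaluation failed' denial with the attribute-getter and
    LDAP errors logged earlier by the same process; None if there is no such denial."""
    failed = [e for e in events if e.eval_failed]
    if not failed:
        return None
    denial = failed[0]
    failed_attrs, ldap_errors = [], []
    for e in events[: events.index(denial)]:
        if e.pid != denial.pid:
            continue
        for _code, msg in e.codes:
            a = re.search(r"failed to get (\S+)$", msg)
            if a:
                failed_attrs.append(a.group(1))
            l = re.search(r'LDAP error: "([^"]*)"', msg)
            if l:
                ldap_errors.append(l.group(1))
    return {"acl": denial.acl, "directive": denial.directive, "path": denial.denied_path,
            "host": denial.host, "failed_attrs": failed_attrs, "ldap_errors": ldap_errors}

if __name__ == "__main__":
    print(diagnose(parse_security_log(LOG)))
```

On the lines from the post this reports directive 2 of ACL "default" failing with the "user" and "isvalid-password" attribute getters unable to run because of the "ldaputil internal error", i.e. a broken LDAP password check rather than a wrong ACL.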