I have an OpenLDAP 1.2 server running on a Linux box. I can see all the users from
the iPlanet 4.1 webserver when I use the "manage users" screens. I can even ADD users
to my LDAP server from the iPlanet admin server. The users populate LDAP correctly.
My problem is 'restricting access' to certain directories on the web server. I set up
the ACL to 'deny all', then 'allow authenticated people only'.
I have it set to allow "All in the authentication database"
Authentication Methods: Default
Authentication Database: Default
(I also tried the Default LDAP as well.)
The following is displayed in my browser:
Server Error
This server has encountered an internal error which prevents it from fulfilling your
request. The most likely cause is a misconfiguration. Please ask the administrator to
look for messages in the server's error log.
In the web server 'error' log I see the following:
[09/May/2001:17:39:47] security (14441): [NSACL4330] ACL_GetAttribute: attr getter failed to get user
[NSACL4330] ACL_GetAttribute: attr getter failed to get isvalid-password
[NSACL5860] ldap password check: LDAP error: "ldaputil internal error"
[09/May/2001:17:39:47] security (14441): for host 192.168.77.26 trying to GET /index.html, acl-state reports: access of /space/iplanet/naldn/index.html denied by ACL default directive 2
[09/May/2001:17:39:47] security (14441): for host 192.168.77.26 trying to GET /index.html, acl-state reports: access of /space/iplanet/naldn/index.html denied because evaluation of ACL default directive 2 failed
From the looks of the above error, it stands to reason that my directive 2 has
problems. But it's a very simple ACL. It simply is allowing anyone in the
authenticated database.
It's so odd to me, because I know I'm talking to the LDAP and I am even able to
MODIFY/ADD to the database from the web server.
Something else worth mentioning: I also have a Netscape Enterprise 3.6 web server. If
I configure it to use LDAP for authentication, and point it at my LDAP server, I am
able to authenticate/restrict access to directories. So, it appears to be a problem
with the iPlanet 4.1 web server.
Any help at all would be greatly appreciated.
Thanks in advance!