Problem solved. Apparently the new Iplanet 4.1 webserver can only do LDAP v3. The older web servers can do LDAP v2 and v3. So, the new servers have less functionality. Netscape/Iplanet fails to mention this in any of their documentation, but that's how they make their money (when someone has to call their support and pay $150 for a support incident, where the solution is a failure on their part to mention information in their documentation, or failure to mention a bug).

I had them pull this on me a couple years ago as well. I was trying to get the 'search' functionality enabled, which was part of 'web publishing'. There is/was a bug in permissions issues where I had to chown/chmod a bunch of files for it to work, as instructed by the tech support guy.

> I have an open LDAP 1.2 server running on a Linux box. I can see all the users from the Iplanet 4.1 webserver when I use the "manage users" screens. I can even ADD users to my LDAP server from the Iplanet admin server. The users populate LDAP correctly.
>
> My problem is 'restricting access' to certain directories on the web server. I set up the ACL to 'deny all', then 'allow authenticated people only'.
>
> I have it set to allow "All in the authentication database"
> Authentication Methods: Default
> Authentication Database: Default
> (I also tried the Default LDAP as well)
>
> The following is displayed in my browser:
>
> Server Error
>
> This server has encountered an internal error which prevents it from fulfilling your request. The most likely cause is a misconfiguration. Please ask the administrator to look for messages in the server's error log.
>
> In the web server 'error' log I see the following:
>
> [09/May/2001:17:39:47] security (14441): [NSACL4330] ACL_GetAttribute: attr getter failed to get user
> [NSACL4330] ACL_GetAttribute: attr getter failed to get isvalid-password
> [NSACL5860] ldap password check: LDAP error: "ldaputil internal error"
> [09/May/2001:17:39:47] security (14441): for host 192.168.77.26 trying to GET /index.html, acl-state reports: access of /space/iplanet/naldn/index.html denied by ACL default directive 2
> [09/May/2001:17:39:47] security (14441): for host 192.168.77.26 trying to GET /index.html, acl-state reports: access of /space/iplanet/naldn/index.html denied because evaluation of ACL default directive 2 failed
>
> From the looks of the above error, it stands to reason that my directive 2 has problems. But it's a very simple ACL. It simply is allowing anyone in the authenticated database.
>
> It's so odd to me, because I know I'm talking to the LDAP and I am even able to MODIFY/ADD to the database from the web server.
>
> Something else worth mentioning, I also have a Netscape Enterprise 3.6 web server. If I configure it to use LDAP for authentication, and point it at my LDAP server, I am able to authenticate/restrict access to directories. So, it appears to be a problem with the Iplanet 4.1 web server.
>
> Any help at all would be greatly appreciated.
>
> Thanks in advance!
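The quoted log reports the denial twice, once as "denied by ACL" and once as "denied because evaluation of ACL ... failed", alongside NSACL codes and an LDAP error. The following added example (not part of the original post and not iPlanet tooling) separates requests denied because the authentication backend errored from requests denied by policy; it assumes the log layout matches the quoted lines, and the `triage` function and its cause labels are names chosen here.

```python
import re

# Constructed sample: the error-log lines quoted in the post, one entry per line.
SAMPLE_LOG = """\
[09/May/2001:17:39:47] security (14441): [NSACL4330] ACL_GetAttribute: attr getter failed to get user
[NSACL4330] ACL_GetAttribute: attr getter failed to get isvalid-password
[NSACL5860] ldap password check: LDAP error: "ldaputil internal error"
[09/May/2001:17:39:47] security (14441): for host 192.168.77.26 trying to GET /index.html, acl-state reports: access of /space/iplanet/naldn/index.html denied by ACL default directive 2
[09/May/2001:17:39:47] security (14441): for host 192.168.77.26 trying to GET /index.html, acl-state reports: access of /space/iplanet/naldn/index.html denied because evaluation of ACL default directive 2 failed
"""

ENTRY = re.compile(r'^\[(\d{2}/\w{3}/\d{4}(?::\d{2}){3})\] \w+ \((\d+)\): (.*)$')
CODE = re.compile(r'\[(NSACL\d+)\]')
LDAP_ERR = re.compile(r'LDAP error: "([^"]*)"')
DENIAL = re.compile(r'for host (\S+) trying to (\S+) (\S+), acl-state reports: '
                    r'access of \S+ denied (by|because evaluation of) ACL (\S+) directive (\d+)')

def triage(log_text):
    """Return one finding per denied request, labelled with its likely cause."""
    events = {}    # (timestamp, pid) -> NSACL codes and LDAP error seen together
    findings = {}  # (timestamp, pid, host, uri) -> finding
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            key, body = (m.group(1), m.group(2)), m.group(3)
        elif key and line:
            body = line  # continuation line without its own timestamp
        else:
            continue
        ev = events.setdefault(key, {"codes": [], "ldap_error": None})
        ev["codes"] += CODE.findall(body)
        err = LDAP_ERR.search(body)
        if err:
            ev["ldap_error"] = err.group(1)
        d = DENIAL.search(body)
        if d:
            host, method, uri, how, acl, directive = d.groups()
            f = findings.setdefault(key + (host, uri), {
                "host": host, "request": f"{method} {uri}", "acl": acl,
                "directive": int(directive), "eval_failed": False})
            f["eval_failed"] |= how != "by"
    for fkey, f in findings.items():
        ev = events[fkey[:2]]
        backend = f.pop("eval_failed") and bool(ev["ldap_error"] or ev["codes"])
        f.update(cause="auth_backend_error" if backend else "policy_denial",
                 codes=sorted(set(ev["codes"])), ldap_error=ev["ldap_error"])
    return list(findings.values())
```

Calling `triage(SAMPLE_LOG)` yields a single finding for `GET /index.html` with cause `auth_backend_error`, which points at the directory connection rather than at the ACL rule itself.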
