Anonymous_User Absent Member.
Absent Member.
1367 views

Problem with contextless login to iprint

Hello,

we are using Netware 6.5SP5 with edir 8.7.3.7. I would like to implement
iprint with contextless login, but it does not work. It works when the
user logs in with the complete name including context etc.

My ipp.conf is configured like this:

AuthLDAPURL "ldap://fhwiwi2.fh-bielefeld.de/O=FHBI???(objectClass=user)"

When i try to login only with the login name the dstrace console shows
the following:
DSTRACE SCREEN:
(195.37.227.137:1090)(0x000f:0x63) Search request:

base: "o=FHBI"

scope:2 dereference:3 sizelimit:0 timelimit:0 attrsonly:0

filter: "(&(objectClass=user)(uid=tdegenhardt))"

no attributes

(195.37.227.137:1090)(0x000f:0x63) Empty attribute list implies all user
attributes

(195.37.227.137:1090)(0x000f:0x63) Sending search result entry
"cn=tdegenhardt,ou=FB5,ou=MA,o=FHBI" to connection 0x949a3460

(195.37.227.137:1090)(0x000f:0x63) Sending search result entry
"cn=tdegenhardt,ou=FB5,ou=MA,o=FHBI" to connection 0x949a3460

(195.37.227.137:1090)(0x000f:0x63) Sending operation result 0:"":"" to
connection 0x949a3460

The server seems to send two search results with the same user.
The error_log from apache2 shows this:

[Fri Jan 26 09:22:17 2007] [warn] [client 193.174.151.90] [10]
auth_ldapdn authenticate: user tdegenhardt authentication failed; URI
/ipps/pr_uhg-fb5-laser-a3_iprint-fhwi [User is not unique (search found
two or more matches)][No such object]
[Fri Jan 26 09:22:17 2007] [error] [client 193.174.151.90] no acceptable
variant: SYS:/Apache2/error/HTTP_UNAUTHORIZED.html.var

But there is definetely no duplicate entry.


When i log in with full context its working:

DSTRACE:
(195.37.227.137:1093)(0x0007:0x63) Search request:

base: "CN=tdegenhardt,OU=fb5,OU=ma,O=fhbi"

scope:0 dereference:3 sizelimit:0 timelimit:0 attrsonly:0

filter: "(objectClass=user)"

no attributes

(195.37.227.137:1093)(0x0007:0x63) Empty attribute list implies all user
attributes

(195.37.227.137:1093)(0x0007:0x63) Sending search result entry
"cn=tdegenhardt,ou=FB5,ou=MA,o=FHBI" to connection 0x94b00460

(195.37.227.137:1093)(0x0007:0x63) Sending operation result 0:"":"" to
connection 0x94b00460

(195.37.227.137:1093)(0x0008:0x60) DoBind on connection 0x94b00460

(195.37.227.137:1093)(0x0008:0x60) Bind
name:cn=tdegenhardt,ou=FB5,ou=MA,o=FHBI,
version:3, authentication:simple

(195.37.227.137:1093)(0x0008:0x60) Sending operation result 0:"":"" to
connection 0x94b00460


The server sends only one search result.
Any help would be appreciated.

Kind regards,
Thomas
0 Likes
8 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Problem with contextless login to iprint

What iPrint client version are you using?

--
Marcel Cox (using XanaNews 1.18.1.6)
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Problem with contextless login to iprint

Marcel Cox schrieb:
> What iPrint client version are you using?
>

Iprint client V04.20.00

Regards,
Thomas
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Problem with contextless login to iprint

Thomas Degenhardt wrote:

>Iprint client V04.20.00


You might try if 4.26 makes a difference.

--
Marcel Cox
http://support.novell.com/forums
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Problem with contextless login to iprint

Marcel Cox schrieb:
> Thomas Degenhardt wrote:
>
>> Iprint client V04.20.00

>
> You might try if 4.26 makes a difference.
>

Marcel,

i tried it with V4.26, but the behaviour is the same.

Regards,
Thomas
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Problem with contextless login to iprint

Well, it seems that in case of the contextless login, iPrint does not pick
up the user's context and therefore tries to do the login based on the
user's uid rather than the distinguished name.
What is strange is that the uid search returns your user twice. Is there
an alias for the user by any chance?

--
Marcel Cox
http://support.novell.com/forums
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Problem with contextless login to iprint

Marcel Cox schrieb:
> Well, it seems that in case of the contextless login, iPrint does not
> pick up the user's context and therefore tries to do the login based on
> the user's uid rather than the distinguished name.
> What is strange is that the uid search returns your user twice. Is there
> an alias for the user by any chance?
>

Marcel,
you are pointing to the right direction. There are two aliases for the
containers where the users reside. I used another user from a different
container (with no alias...) and there is only one search result
returned and it is working as expected. That is definetely the problem.
Thank you!
But now i have a problem with the aliases. I created these aliases a
long time ago because my user containers are "far" away from my
container where my servers and other objects like apps, policies, etc.
reside. I'm a little bit fear of deleting them, because i created a lot
of trustees, associations, etc. on these aliases. And i'm not sure what
happens when i delete the alias: Is only the alias deleted (and the
trustees ando son on) or is the referring container deleted, too?

Kind regards,

Thomas
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Problem with contextless login to iprint

As far as I know, rights don't operate on aliases, but only on real
objects. However most tools are written such that if you change properties
or rights on an alias object, you are actually changing the real object
the alias is pointing to. So your rights should actually be assigned to
the real objects, not to the aliases.

--
Marcel Cox (using XanaNews 1.18.1.6)
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Problem with contextless login to iprint

Marcel Cox schrieb:
> As far as I know, rights don't operate on aliases, but only on real
> objects. However most tools are written such that if you change
> properties or rights on an alias object, you are actually changing the
> real object the alias is pointing to. So your rights should actually be
> assigned to the real objects, not to the aliases.
>

Marcel,

i deleted the aliases and its now working as expected. Thanks for your
help.

Kind regards,
Thomas
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.