New NW6.5sp1 server, ifolder installed from sp1 overlay CD.

No users can authenticate. Different errors recieved depending on context of user :- (-23) for users OU, (-25) for parent O.

(-23) errors.
The error log reports the following for user skadmin.priory.ark-ha

03/18/04 07:39:13 iFolder Host OS: NetWare 6.50 Service Pack 1
03/18/04 07:39:13 iFolder Host WebServer: Apache/2.0.48 (NETWARE)
mod_jk/1.2.5
03/18/04 08:43:32 skadmin/home: machId:? - LOGIN encryption mismatch
03/18/04 08:43:43 skadmin/home: machId:? - LOGIN encryption mismatch

This is duplicated on the Apache console screen. The encryption type for this and all users is blowfish.

LDAP is running on the same server and configured to allow clear text.

At the bottom of this post is an excerpt from the DSTRACE log of the same attempted login session.

The problem is certainly LDAP related. Been through the LDAP troubleshooting TIDS and everything checks out (except iFolder).

I've also checked the admin names and the settings in the four Ifolder NDS objects, changed everything to lower case and to use IP addresses instead of DNS.

(-25) errors
These are obtained for users in the o=ark-ha container.
No errors reported in the error log, the Apache screen registers the attempt with no errors.

The dstrace for this user is identical for this connection, just a different context.

Any help would be greatly appreciated

Regards

Tom





DSTRACE log for skadmin
DoSearch on connection 0x9b205c40
Search request:
base: "O=ark-ha"
scope:2 dereference:0 sizelimit:0 timelimit:10 attrsonly:0
filter: "(cn=skadmin)"
attribute: "cn"
Sending search result entry "cn=skadmin,ou=Priory,o=Ark-HA" to connection 0x9b205c40
Sending operation result 0:"":"" to connection 0x9b205c40
New cleartext connection 0x9bc8e8c0 from 192.168.15.2:1220, monitor = 0x1a6, index = 22
DoBind on connection 0x9bc8e8c0
Bind name:cn=skadmin,ou=Priory,o=Ark-HA, version:3, authentication:simple
Sending operation result 0:"":"" to connection 0x9bc8e8c0
DoSearch on connection 0x9b205c40
Search request:
base: "cn=skadmin,ou=Priory,o=Ark-HA"
scope:0 dereference:0 sizelimit:0 timelimit:20 attrsonly:0
filter: "(objectClass=iFolderUser)"
no attributes
Empty attribute list implies all user attributes
Sending search result entry "cn=skadmin,ou=Priory,o=Ark-HA" to connection 0x9b205c40
Sending operation result 0:"":"" to connection 0x9b205c40
DoSearch on connection 0x9b205540
Search request:
base: "cn=iFolder_server01,O=ark-ha"
scope:0 dereference:0 sizelimit:0 timelimit:20 attrsonly:0
filter: "(objectClass=iFolderServer)"
no attributes
Empty attribute list implies all user attributes
Sending search result entry "cn=iFolder_server01,o=Ark-HA" to connection 0x9b205540
Sending operation result 0:"":"" to connection 0x9b205540
DoSearch on connection 0x9b205d20
Search request:
base: "O=ark-ha"
scope:2 dereference:0 sizelimit:0 timelimit:10 attrsonly:0
filter: "(cn=skadmin)"
attribute: "cn"
Sending search result entry "cn=skadmin,ou=Priory,o=Ark-HA" to connection 0x9b205d20
Sending operation result 0:"":"" to connection 0x9b205d20
New cleartext connection 0x9bc8e9a0 from 192.168.15.2:1222, monitor = 0x1a6, index = 23
DoBind on connection 0x9bc8e9a0
Bind name:cn=skadmin,ou=Priory,o=Ark-HA, version:3, authentication:simple
Sending operation result 0:"":"" to connection 0x9bc8e9a0
DoSearch on connection 0x9b205e00
Search request:
base: "O=ark-ha"
scope:2 dereference:0 sizelimit:0 timelimit:10 attrsonly:0
filter: "(cn=skadmin)"
attribute: "cn"
Sending search result entry "cn=skadmin,ou=Priory,o=Ark-HA" to connection 0x9b205e00
Sending operation result 0:"":"" to connection 0x9b205e00
New cleartext connection 0x9bc8ea80 from 192.168.15.2:1223, monitor = 0x1a6, index = 24
DoBind on connection 0x9bc8ea80
Bind name:cn=skadmin,ou=Priory,o=Ark-HA, version:3, authentication:simple
Sending operation result 0:"":"" to connection 0x9bc8ea80