I’m trying to get secure iPrint working using the cn instead of the uid.

Netware 6.5 SP2 server with NDPS, iPrint, and eDirectory all installed locally on the same server. I have read over the Apache 2 mod_auth_ldap documentation (http://httpd.apache.org/docs-2.0/mod/mod_auth_ldap.html) and based on that I modified sys:\apache2\iprint\ipp.conf. By default it read:

“ldaps://server’s FQDN/O=cc???(objectClass=user)”

I changed it to read (the quotes are present in the file):
“ldaps://server’s FQDN/O=cc?cn??(objectClass=user)”

I then restarted Apache 2 (ap2webrs).

The reason I made this change is that few of our accounts have a uid. In researching this problem I found Novell TID #10088627 which states that iPrint needs to use the uid and proceeds to give two solutions on how to add a uid to each user’s account. Another post said that you can go to the LDAP Group and map the LDAP uid to the NDS CN but I’d rather avoid that in case I need to use the uid down the road for something else.

Our test users keep getting a “Printer authentication failed. Do you want to try again?” error as seen in that TID. Sometimes iPrint will take it after you enter your username and password about 4 times though most times it just keeps asking for your credentials. I did try adding a uid to my account and rolling back to the default ipp.conf config and I was able to authenticate. Whether that was an initial authentication that came because I just restarted Apache 2 or because it worked period I don’t know.

#1 Does iPrint really need to use the uid? Can it use the cn instead if the ipp.conf file is modified?

#2 If you can use cn does it need to be unique tree wide or just unique for user accounts? For example: we have our tree broken down by departments. In each department’s OU is a friends group. So we have multiple instances of the friends cn but no one will authenticate to iPrint using that name. However, some users who authenticate to iPrint will be in one or more friends groups. But every user account’s cn should be unique in the tree.

#3 What am I doing wrong? What do I need to change to get this working?

Thanks for your help!