Netware OES, Windows XP SP2, iPrint clients 4.05 and 4.06.

We have an alias container in our tree at a top level containing aliases
to all the user objects in the tree. Naturally we would like the
ipp.conf file to point to this container for authentication purposes
rather than taking time/resource to trawl through the whole tree to find
So with a tick in the dereferencing aliases box on the LDAP server
object (this LDAP server has all the appropriate replicas on it) and a
refresh of the LDAP server I tried pointing the ipp.conf (and restarting
apache with AP2WEBRS) to .Aliases (our alias container).

Result - The browser hangs when trying to authenticate with the iPrint
client to say download a printer. If I try to restart apache after this
then there is one thread that does not release for 10 mins or so.

(Incidently the access rights have been set correctly within the printer
agent for these tests through iManager)

There are about 36000 alias objects in our .Aliases container, so I
tried creating an alias object in a container with very few objects, and
pointing the ipp.conf file to this.

Result - the iPrint successfully authenticates to the alias object. All
works fine.

Conclusion - On the surface it looks as though the quantity of objects
in a container is limiting?

The other option to get around this is to target the ipp.conf file to
specific contexts to save searching the whole tree for users. But the
AuthLDAPURL directive does not accept multiple contexts.
The other option which might works would be to use two other Apache2
directives -

AuthLDAPBindDN and AuthLDAPPassword.

They could be used like a proxy user, restricting the rights to certain
parts of the tree and therefore limiting unnecessary lookups.But to use
these you would need to call another file on the server containing a
special userid and password set up in Edir with limited rights.