My organization uses an outside ASP (Go Sign Me Up, www.gosignmeup.com) to schedule professional development classes. They have the ability to use our LDAP/eDir environment to authenticate users to their system. My setup options on their end are pretty simple: server and port, base OU, and some test features. When I test, they're able to "see" us and I get feedback on a dstrace (+ldap) screen but it doesn't work.

Disclaimer: My knowledge of LDAP is limited to getting it working with GroupWise so this is totally new.

Anyway, I've futzed around with proxy users (and yes, I vfy'd the user had a null password) and a few other things but not sure where to look. I'm also not using filtered replicas or anything else weird. The LDAP group/server config on this server is basically as it was originally installed. (BTW, it's a NetWare 6.5 SP6 server with eDir v8.7.3.9 and NLDAP v10555.40.)

Here's a copy of a failed session from dstrace:

New cleartext connection 0x9587ab60 from 66.43.119.250:1992, monitor = 0x24a, index = 4
Implied anonymous bind by operation 0x4e:0x63 on connection 0x9587ab60
DoSearch on connection 0x9587ab60
Search request:
base: ""
scope:0 dereference:0 sizelimit:0 timelimit:120 attrsonly:0
filter: "(objectclass=*)"
attribute: "supportedCapabilities"
Unsupported or duplicate attribute: "supportedCapabilities"
Sending search result entry "" to connection 0x9587ab60
Sending operation result 0:"":"" to connection 0x9587ab60
Operation 0x4e:0x63 on connection 0x9587ab60 completed in 0 seconds
DoSearch on connection 0x9587ab60
Search request:
base: ""
scope:0 dereference:0 sizelimit:0 timelimit:120 attrsonly:0
filter: "(objectclass=*)"
attribute: "supportedSASLMechanisms"
Sending search result entry "" to connection 0x9587ab60
Sending operation result 0:"":"" to connection 0x9587ab60
Operation 0x4f:0x63 on connection 0x9587ab60 completed in 0 seconds
DoSearch on connection 0x9587ab60
Search request:
base: ""
scope:0 dereference:0 sizelimit:0 timelimit:120 attrsonly:0
filter: "(objectclass=*)"
attribute: "supportedCapabilities"
Unsupported or duplicate attribute: "supportedCapabilities"
Sending search result entry "" to connection 0x9587ab60
Sending operation result 0:"":"" to connection 0x9587ab60
Operation 0x50:0x63 on connection 0x9587ab60 completed in 0 seconds
DoSearch on connection 0x9587ab60
Search request:
base: ""
scope:0 dereference:0 sizelimit:0 timelimit:120 attrsonly:0
filter: "(objectclass=*)"
attribute: "supportedSASLMechanisms"
Sending search result entry "" to connection 0x9587ab60
Sending operation result 0:"":"" to connection 0x9587ab60
Operation 0x51:0x63 on connection 0x9587ab60 completed in 0 seconds
DoBind on connection 0x9587ab60
Bind name:NULL, version:3, authentication:DIGEST-MD5
Sending operation result 14:"":"" to connection 0x9587ab60
Operation 0x52:0x60 on connection 0x9587ab60 completed in 0 seconds
DoBind on connection 0x9587ab60
Bind (cont) name:NULL, version:3, authentication:DIGEST-MD5
Failed to authenticate full context on connection 0x9587ab60, err = cannot go remote (-779)
Sending operation result 49:"":"" to connection 0x9587ab60
Operation 0x53:0x60 on connection 0x9587ab60 completed in 0 seconds
DoUnbind on connection 0x9587ab60
Connection 0x9587ab60 closed

Basically, I'm submitting my cn and password and it should be verifying it against eDir via LDAP. I don't even see the query here so I'm stuck. Any thoughts would be most appreciated!

--David
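
Added example, not part of the original post: a small Python parser that pairs each operation in a dstrace +LDAP session like the one above with its LDAP result code, so the two-step DIGEST-MD5 bind (14, then 49 with eDirectory error -779) and the cleartext transport stand out. The regular expressions are assumptions based only on the line formats visible in this trace, the result-code names are the standard RFC 4511 ones, and the sample input is abridged from the trace in the post.

```python
import re

# LDAP result codes (RFC 4511) that occur in the trace
RESULT_NAMES = {0: "success", 14: "saslBindInProgress", 49: "invalidCredentials"}
CONN_RE = re.compile(r"New (\w+) connection (0x[0-9a-f]+) from ([\d.]+):\d+")
OP_RE = re.compile(r"^(Do\w+) on connection (0x[0-9a-f]+)")
BIND_RE = re.compile(r"^Bind (?:\(cont\) )?name:(.*?), version:\d+, authentication:(\S+)")
RESULT_RE = re.compile(r'^Sending operation result (\d+):".*?":".*?" to connection')
ERR_RE = re.compile(r"err = (.+?) \((-?\d+)\)")

def summarize(trace):
    """Parse dstrace +LDAP text into (connections, operations)."""
    conns, ops, current = {}, [], {}  # current: operation being filled in
    for line in map(str.strip, trace.splitlines()):
        if m := CONN_RE.search(line):
            conns[m.group(2)] = {"transport": m.group(1), "peer": m.group(3)}
        elif m := OP_RE.match(line):
            current = {"op": m.group(1), "conn": m.group(2)}
            ops.append(current)
        elif m := BIND_RE.match(line):
            current.update(bind_name=m.group(1), mechanism=m.group(2))
        elif m := ERR_RE.search(line):
            current.update(ds_error=m.group(1), ds_code=int(m.group(2)))
        elif m := RESULT_RE.match(line):
            code = int(m.group(1))
            current.update(code=code, result=RESULT_NAMES.get(code, "other"))
    return conns, ops

def failed_binds(ops):
    # 14 means the SASL exchange is still in progress, not a failure
    return [o for o in ops if o["op"] == "DoBind" and o.get("code") not in (None, 0, 14)]

# Sample input abridged from the trace in the post
SAMPLE = """\
New cleartext connection 0x9587ab60 from 66.43.119.250:1992, monitor = 0x24a, index = 4
DoSearch on connection 0x9587ab60
Sending operation result 0:"":"" to connection 0x9587ab60
DoBind on connection 0x9587ab60
Bind name:NULL, version:3, authentication:DIGEST-MD5
Sending operation result 14:"":"" to connection 0x9587ab60
DoBind on connection 0x9587ab60
Bind (cont) name:NULL, version:3, authentication:DIGEST-MD5
Failed to authenticate full context on connection 0x9587ab60, err = cannot go remote (-779)
Sending operation result 49:"":"" to connection 0x9587ab60
DoUnbind on connection 0x9587ab60
"""

if __name__ == "__main__":
    print(failed_binds(summarize(SAMPLE)[1]))
```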